General

  • Target: 0ab75e895c519bf7b419f74fcd1c10704ba4900b7b355bd158d4f05d91899d5c
  • Size: 1019KB
  • Sample: 221225-znhagsca87
  • MD5: 1bf09a98da2fb6cbb59db8ebb4610f25
  • SHA1: d1afa7d193916ce60094621c9eb4e22ff4fba149
  • SHA256: e246d3db76ed1bece853623acfe07a76fdc7bcb2d51f9d2110e6e9e5de22759a
  • SHA512: dcabad0d5fd26b024cbf7de65ae558bd6dade7df0673f229387dff9075596f9fc083cfec4dfcf2b66661602cd0916c9b68fc8b977df32ef032e14938fadfc1a7
  • SSDEEP: 24576:Hb1Yps8bD3442Li3YKS8kYFEJPMG53vhEVHUZQpIgCZp64nS6z1WsSpux:71YKY34fLi35xER7hiNCZpnS6xWsJx

Malware Config

Targets

    • Target: 0ab75e895c519bf7b419f74fcd1c10704ba4900b7b355bd158d4f05d91899d5c
    • Size: 1.1MB
    • MD5: 141b792875059eeb52d16c29c73ff7c6
    • SHA1: 5cea32e23cf8e965fde8ec18b2b5dc77a9e0fa9b
    • SHA256: 0ab75e895c519bf7b419f74fcd1c10704ba4900b7b355bd158d4f05d91899d5c
    • SHA512: 6cbf0891953e4dde57168e8a475c025ead813773f4215c73528da7443f880d96355cc2d89d26d8ec893bd4e1b305f0985aea42a47d1d8e751cf320b5f428a65f
    • SSDEEP: 24576:o12/s8LTn44mVihYySqkuFEZHIGJ3thWV5U/cpISQbp64ns691iGi:o12kcn49VihrFEl5h0tQbpns6ri

    • Blocklisted process makes network request
    • Sets DLL path for service in the registry
    • Sets service image path in registry
    • Loads dropped DLL
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks