Overview

overview

10

Static

static

10

enc.exe

windows7-x64

1

enc.exe

windows10-2004-x64

10

Resubmissions

07-02-2023 19:55

230207-yngtaafd73 10

07-02-2023 18:36

230207-w9awradb82 10

07-02-2023 18:33

230207-w67rbagd6w 10

07-02-2023 18:22

230207-wz1pesgd3v 10

06-02-2023 08:47

230206-kp6bdagc2s 10

05-02-2023 06:30

230205-g9r3psbg2y 10

05-02-2023 05:12

230205-fwa2labf3w 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    enc.exe

  • Size

    7.0MB

  • Sample

    230207-w67rbagd6w

  • MD5

    2c3fd1791655c8e7c0f593bb73c405ab

  • SHA1

    dc872a099c9639dd0f892493af332581b4cb3945

  • SHA256

    cf999aff9bd0eff93c30faaf278035f58ccf70d690b54b2ddff8461b846008f2

  • SHA512

    8fee2d35e0eb72d4ca0b1d7e72be2c7909cb92e33b7410b6ec7db6eeae0044d35ce6829610ed46a8207356f1e868dcbfd4d26b1b2ea9f0d458e168a5f1589f7d

  • SSDEEP

    98304:bAQQU9TWEdwOY7jhM28X5dq8Lk1BssJJmk3os1hV:bAQQU4Mw37jhUX5KAsJJmcoeL

Score
10/10
blackcatpersistence

Malware Config

Targets

    • Target

      enc.exe

    • Size

      7.0MB

    • MD5

      2c3fd1791655c8e7c0f593bb73c405ab

    • SHA1

      dc872a099c9639dd0f892493af332581b4cb3945

    • SHA256

      cf999aff9bd0eff93c30faaf278035f58ccf70d690b54b2ddff8461b846008f2

    • SHA512

      8fee2d35e0eb72d4ca0b1d7e72be2c7909cb92e33b7410b6ec7db6eeae0044d35ce6829610ed46a8207356f1e868dcbfd4d26b1b2ea9f0d458e168a5f1589f7d

    • SSDEEP

      98304:bAQQU9TWEdwOY7jhM28X5dq8Lk1BssJJmk3os1hV:bAQQU4Mw37jhUX5KAsJJmcoeL

    Score
    10/10
    persistence

    • Modifies system executable filetype association

      persistence

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks