General

  • Target

    ADZP 20 Complex.exe

  • Size

    102KB

  • Sample

    230406-2q1wqahe2w

  • MD5

    b64873bc80527aa8e18c0a3b95244f19

  • SHA1

    af6c574a2b8fac6a565c551a196ce07e92fd05cc

  • SHA256

    30a220aed9f5c0c92a4737a4f32b2ce66eb3d1e8525d0b6879321592b79096ca

  • SHA512

    b78165b6edec3abd32ee2bd0465cbc7e30fc14c32db66b65bebb0c1d5a7061cec85172f26a57b97630baa47ee17405560f17da5f37d9f80d141dba5198158f7c

  • SSDEEP

    1536:j7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIf9w2PwpLpNuOh:/7DhdC6kzWypvaQ0FxyNTBf9T8Dv

Malware Config

Targets

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

  • Initial Access

    T1091 Replication Through Removable Media (1)

  • Execution

    T1059 Command-Line Interface (1)

  • Defense Evasion

    T1222 File Permissions Modification (1)

  • Credential Access

    T1081 Credentials in Files (1)

  • Discovery

    T1012 Query Registry (1)

    T1082 System Information Discovery (3)

  • Lateral Movement

    T1091 Replication Through Removable Media (1)

  • Collection

    T1005 Data from Local System (1)

Tasks