Overview

overview

10

Static

static

3

1.exe

windows7-x64

10

1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1.bin

  • Size

    496KB

  • Sample

    230511-w7km6shb96

  • MD5

    87aaad0c5b8828cad71e09035e29a567

  • SHA1

    450a37eec021aa9e324d1e93484b8877b88287ec

  • SHA256

    9fcb44630b5a502ee3c94751c6736eebc11dbd9268d6c686addabc3e2c5e6acd

  • SHA512

    8c99f3196f6a33d32570b01abfff2b7cd94f072a5be53cc00e95e97da34f0efc30147d5ce1c905277a8cb17f307e9d1dfb151ea28145bfbdbf4f53867c107682

  • SSDEEP

    12288:ypUJ3r6YkVwJgNnSykgb9cqWnw4q6ZmFhqsDX:ypUNr6YkVRFkgbeqeo68FhqyX

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      1.bin

    • Size

      496KB

    • MD5

      87aaad0c5b8828cad71e09035e29a567

    • SHA1

      450a37eec021aa9e324d1e93484b8877b88287ec

    • SHA256

      9fcb44630b5a502ee3c94751c6736eebc11dbd9268d6c686addabc3e2c5e6acd

    • SHA512

      8c99f3196f6a33d32570b01abfff2b7cd94f072a5be53cc00e95e97da34f0efc30147d5ce1c905277a8cb17f307e9d1dfb151ea28145bfbdbf4f53867c107682

    • SSDEEP

      12288:ypUJ3r6YkVwJgNnSykgb9cqWnw4q6ZmFhqsDX:ypUNr6YkVRFkgbeqeo68FhqyX

    Score
    10/10
    evasionpersistencetrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Disables RegEdit via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks