Overview

overview

10

Static

static

3

Confidential.exe

windows7-x64

7

Confidential.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Confidential.exe

  • Size

    6.3MB

  • Sample

    230701-ghr9dsff42

  • MD5

    fccbea6f574c7e047b761e3532707dc1

  • SHA1

    ed32c1494e8b4394616e846eb2f5dacb02cb5b40

  • SHA256

    9abe0ca0b62f85b93c77599e28ad4383972b9b2731735c0d35a1d57c1edf50cc

  • SHA512

    c4c55a1603f0f903d7f20b555c9c27c342a0c174ec0a17425e8bc920a0838a082d3918f280dc378c4b6d9e0d6d60a510bd51061592523cfda5a82653e77d5bfe

  • SSDEEP

    196608:yLBtOdQmRJ8dA6lXCy1ArqkVpKCX+PrF4ZIegh0EVZ:+BodQuslXrAZYCuPJOIeg2u

Score
10/10
evasionpyinstallertrojan

Malware Config

Targets

    • Target

      Confidential.exe

    • Size

      6.3MB

    • MD5

      fccbea6f574c7e047b761e3532707dc1

    • SHA1

      ed32c1494e8b4394616e846eb2f5dacb02cb5b40

    • SHA256

      9abe0ca0b62f85b93c77599e28ad4383972b9b2731735c0d35a1d57c1edf50cc

    • SHA512

      c4c55a1603f0f903d7f20b555c9c27c342a0c174ec0a17425e8bc920a0838a082d3918f280dc378c4b6d9e0d6d60a510bd51061592523cfda5a82653e77d5bfe

    • SSDEEP

      196608:yLBtOdQmRJ8dA6lXCy1ArqkVpKCX+PrF4ZIegh0EVZ:+BodQuslXrAZYCuPJOIeg2u

    Score
    10/10
    evasiontrojan

    • UAC bypass

      evasiontrojan

    • Blocklisted process makes network request

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks