Overview

overview

8

Static

static

1

07D9EE2994...76.exe

windows7-x64

7

07D9EE2994...76.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    07D9EE29949BB72F1FE5F183A6F37D76.exe

  • Size

    4.5MB

  • Sample

    230831-z7g4tsaf99

  • MD5

    07d9ee29949bb72f1fe5f183a6f37d76

  • SHA1

    95b7bbc15f7e4fea201ecf2e4f138330613ed70f

  • SHA256

    ec86ff71ea265dde2969e203b47ac151888c5b2d9d51511e77cc2ce3c013d2b2

  • SHA512

    46d47426c86a5bdfe8e9888530c9888c05c357f55a6f8aca61d7517c66d68e30a5f46fc65aca31890e1a34d1196e1913edf1a5811ffcdfedd64c1d5cf96d5ea6

  • SSDEEP

    98304:utfl0kYax0dMiNsqWGXwtyxDUZXkqu/f0xFrgfCVTKt:gfl0kYa0JURx4f0rr/Qt

Score
8/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      07D9EE29949BB72F1FE5F183A6F37D76.exe

    • Size

      4.5MB

    • MD5

      07d9ee29949bb72f1fe5f183a6f37d76

    • SHA1

      95b7bbc15f7e4fea201ecf2e4f138330613ed70f

    • SHA256

      ec86ff71ea265dde2969e203b47ac151888c5b2d9d51511e77cc2ce3c013d2b2

    • SHA512

      46d47426c86a5bdfe8e9888530c9888c05c357f55a6f8aca61d7517c66d68e30a5f46fc65aca31890e1a34d1196e1913edf1a5811ffcdfedd64c1d5cf96d5ea6

    • SSDEEP

      98304:utfl0kYax0dMiNsqWGXwtyxDUZXkqu/f0xFrgfCVTKt:gfl0kYa0JURx4f0rr/Qt

    Score
    8/10
    evasiontrojanpersistence

    • Blocklisted process makes network request

    • Disables Task Manager via registry modification

      evasion

    • Downloads MZ/PE file

    • Drops startup file

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks