Overview

overview

8

Static

static

3

58a0a8f300...1f.exe

windows7-x64

8

58a0a8f300...1f.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    58a0a8f3005c30d6e8434d5212f646c1c8067a3d175b687077995d0295d6bc1f

  • Size

    4.0MB

  • Sample

    231114-xtargsfg3s

  • MD5

    d4feec881f11cf7fc37ac42207b932dc

  • SHA1

    61789a5d0e8805534aeada038b8dc5bfc341911e

  • SHA256

    58a0a8f3005c30d6e8434d5212f646c1c8067a3d175b687077995d0295d6bc1f

  • SHA512

    1c539104d44d162325297a845ddc021b65d0a1b51aa6e2e804c5307b4bfc4aa2fd8201865eec459c7642022a597e0272c55a7b75a761dc7977e1aa3f1c1b2899

  • SSDEEP

    49152:U4buvgFdqeEiRKkif7durHPiRKk9zbFwih/EiRKkif7durHPiRKkbNy9qUeTyiRF:huMdNBRuf7lRJz2qRuf7lRvNy9NmPRF

Score
8/10
persistence

Malware Config

Targets

    • Target

      58a0a8f3005c30d6e8434d5212f646c1c8067a3d175b687077995d0295d6bc1f

    • Size

      4.0MB

    • MD5

      d4feec881f11cf7fc37ac42207b932dc

    • SHA1

      61789a5d0e8805534aeada038b8dc5bfc341911e

    • SHA256

      58a0a8f3005c30d6e8434d5212f646c1c8067a3d175b687077995d0295d6bc1f

    • SHA512

      1c539104d44d162325297a845ddc021b65d0a1b51aa6e2e804c5307b4bfc4aa2fd8201865eec459c7642022a597e0272c55a7b75a761dc7977e1aa3f1c1b2899

    • SSDEEP

      49152:U4buvgFdqeEiRKkif7durHPiRKk9zbFwih/EiRKkif7durHPiRKkbNy9qUeTyiRF:huMdNBRuf7lRJz2qRuf7lRvNy9NmPRF

    Score
    8/10
    persistence

    • Modifies Installed Components in the registry

      persistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks