General

  • Target

    JUSTIFICANTE.PDF1120.rar

  • Size

    392KB

  • Sample

    231120-s1njpsgh54

  • MD5

    08292909d0b9008ce7ee030382e54486

  • SHA1

    56817c5158d445ec0135aacac0a2e1b2a5439b0c

  • SHA256

    3d7d732ed2615d5e712a8f58d5b74abe2e3f91e250a61f09cf0e25fb7e548e82

  • SHA512

    87e725513164ae60c6c7d774e67d99b1e0c2fff9eec09cb4bddf7c837076d2bbf508d1f046d0ffebec22ecd0769ff480dee1eda94c02af833db3bfba76e4279e

  • SSDEEP

    6144:rPqycLm2RyuovXqCTLqijAACMBTK+LSI/XjgJXXO6y42MIr1a06ic5:DqjLm2cvbrjAACMBs6z0OgakZ

Score
8/10

Malware Config

Targets

    • Target

      Staveres.exe

    • Size

      459KB

    • MD5

      1d817513c51104071b5c310203a90139

    • SHA1

      e6e1a674ff10efa42cfa4db53e10fbe7884f7260

    • SHA256

      6fb3981c8ede1c32d2ad2d36ef5c2cd825fd7b6c99accce7475af9037e396230

    • SHA512

      ff82c028b3baa2fa35b1d9cca90389face064b17614f699d529349ca670b57b453521afb62676fde653fec074d7f338af5b27c0303abf06ffcb7bdb9e2db22ef

    • SSDEEP

      6144:pR+xXfJp6qOC0IdGFsnNmFXBf/NdU9ETyApuPzLwv2uvGfBbazwJoek5TkRvODXT:HqjLPd38RfvU9ETye862LbteV0v4Zl

    Score
    8/10

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
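
The signatures above are the output of the sandbox's behavioural rules run over the events the sample produced (registry reads and writes, file drops, image loads, network connections and native API calls). The following is an added example, not the sandbox's own signature engine or the page's code: a minimal evaluator in the same spirit, replayed over a constructed event trace. The registry paths used for the geofence check, the dropped file name, the hosting-service list and the value names written under the Run keys are assumptions chosen to exercise each signature listed in this report; they are not the real sample's artefacts.

```python
"""Added example: Triage-style signature evaluation over a constructed
sandbox event trace. Not the sandbox's engine; paths, names and the
abused-hosting list are assumptions, not artefacts of this sample."""
import re
from dataclasses import dataclass
from typing import Iterable

# Persistence keys, hive-agnostic (HKCU or HKLM) and case-insensitive.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run$", re.I)
POLICY_RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run$", re.I)
# Locale / location keys a geofenced loader typically reads before
# detonating (assumed representative set, not the exact key this sample hit).
GEO_KEYS = re.compile(
    r"\\International\\Geo\\Nation$|\\Control\\Nls\\(Language|Locale)$", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
# Assumed list of legitimate services commonly abused for payload hosting / C2.
ABUSED_HOSTING = {"pastebin.com", "cdn.discordapp.com", "drive.google.com"}


@dataclass(frozen=True)
class Event:
    kind: str         # reg_read | reg_write | file_write | ldr_load | net | api
    target: str       # registry key, file path, hostname or API name
    detail: str = ""  # value name, thread-creation flags, information class ...


def emit_signatures(trace: Iterable[Event]) -> list[str]:
    """Return the distinct signature names, in order of first trigger."""
    hits: list[str] = []
    dropped: set[str] = set()   # paths written earlier in the trace

    def add(name: str) -> None:
        if name not in hits:
            hits.append(name)

    for ev in trace:
        if ev.kind == "reg_write" and POLICY_RUN_KEY.search(ev.target):
            add("Adds policy Run key to start application")
        elif ev.kind == "reg_write" and RUN_KEY.search(ev.target):
            add("Adds Run key to start application")
        elif ev.kind == "reg_read" and GEO_KEYS.search(ev.target):
            add("Checks computer location settings")
        elif ev.kind == "file_write":
            dropped.add(ev.target.lower())
            if SYSTEM32.match(ev.target):
                add("Drops file in System32 directory")
        elif ev.kind == "ldr_load" and ev.target.lower() in dropped:
            # Only an image the sample itself wrote counts as a dropped DLL.
            add("Loads dropped DLL")
        elif ev.kind == "net" and ev.target.lower() in ABUSED_HOSTING:
            add("Legitimate hosting services abused for malware hosting/C2")
        elif ev.kind == "api":
            if ev.target == "NtCreateThreadEx" and "HIDE_FROM_DEBUGGER" in ev.detail:
                add("Suspicious use of NtCreateThreadExHideFromDebugger")
            elif ev.target == "NtSetInformationThread" and ev.detail == "ThreadHideFromDebugger":
                add("Suspicious use of NtSetInformationThreadHideFromDebugger")
            elif ev.target == "SetThreadContext":
                add("Suspicious use of SetThreadContext")
    return hits


# Constructed trace approximating the behaviour in this report. The DLL
# name, Run value name and remote host are illustrative assumptions.
SAMPLE_TRACE = [
    Event("reg_read", r"HKCU\Control Panel\International\Geo\Nation", "Nation"),
    Event("reg_read", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ProductName"),
    Event("file_write", r"C:\Windows\System32\dropped_helper.dll"),
    Event("ldr_load", r"C:\Windows\System32\dropped_helper.dll"),
    Event("reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run", "Staveres"),
    Event("reg_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Staveres"),
    Event("net", "pastebin.com", "GET /raw/example"),
    Event("api", "NtCreateThreadEx", "THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER"),
    Event("api", "NtSetInformationThread", "ThreadHideFromDebugger"),
    Event("api", "SetThreadContext", "CONTEXT_CONTROL|CONTEXT_INTEGER"),
]

if __name__ == "__main__":
    for sig in emit_signatures(SAMPLE_TRACE):
        print("•", sig)
```

Two points the evaluator makes explicit that the report's flat list does not: "Loads dropped DLL" is stateful (the load only counts if the same path was written earlier in the trace, so a load of a pre-existing system DLL in System32 does not fire it), and the policy Run key is checked before the ordinary Run key so the two persistence signatures do not collide on the shared `\Run` suffix. The 8/10 score in the report comes from the sandbox's own undisclosed weighting and is not reproduced here.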

MITRE ATT&CK Enterprise v15

Tasks