General

  • Target

    5b0c133fc09cadbf44d3a91084d3d0be

  • Size

    653KB

  • Sample

    231226-hrbtfaagf3

  • MD5

    5b0c133fc09cadbf44d3a91084d3d0be

  • SHA1

    1fd1757a03172aeecc21c181a55bc4262f316851

  • SHA256

    6bbce92da526a3e0edf91a6bbb866911a3b948f03919a028196a7c2dbe2ea221

  • SHA512

    5d349d77adb7883c666041d0aa9fdda36a3087d6002900cb126640683bd89a1462cfa7492a711f9767117c1b9aa840734bb9ef20b30a1a3ff63c480d17fd1d85

  • SSDEEP

    6144:UZfec9EbXDk6RkoBEKWnmy+g41rG1VVE+I4:UZWtI6RkoBoquD

Score
10/10

Targets

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
