General

  • Target

    6d89f07b7a1a938dbc57c6aa75c80910

  • Size

    1.2MB

  • Sample

    231226-pdplpsafh3

  • MD5

    6d89f07b7a1a938dbc57c6aa75c80910

  • SHA1

    9ce9a368d7637cf0b9fefaed3062bb741ba89585

  • SHA256

    3a28126e14f8394fa35e32950e2c40274c4efb665e267a75ce1e16fccb3260d0

  • SHA512

    f488542da93e9f37bc2d9304646307c17af500d541f8035da4aea926a4c78dc3c6c1d86eb1e494ed79dab18353cefc6103b043e7750966eea47c88d1b5a323df

  • SSDEEP

    24576:48SedSQNRSOBP0ggk3KQUQ6HHGWjd6VBpj2xpaPJGN8+3DxbmzK:4Edzbgk34Q6HmWjd6VBN4paPE36K

Targets

    • Target

      6d89f07b7a1a938dbc57c6aa75c80910

    • Disables Task Manager via registry modification

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
