General

  • Target

    0a40131f40a84a7a252c2652af149a52

  • Size

    42KB

  • Sample

    231230-bzyjvabedq

  • MD5

    0a40131f40a84a7a252c2652af149a52

  • SHA1

    ab5c12ec8ce581a046dd21a6115dc8ab1904534f

  • SHA256

    45d18ca41aec1c831d077b210cf7c88da20cc8c1136587163fc2ba7d7c7d777c

  • SHA512

    3d5519e53aeaf369b0ece2a85a0dfb61e828c389d17faa00f66bdb1d2585f6ec526f9b435a002d60c30eb5be1ce9e89eae2159926fcfbbe456c7ec4aad1d0e7e

  • SSDEEP

    768:Nehi6i18f3rIrRC6zjZj0YzI64MdOpkZ8Dew70T670Sg32L:4Yq6CijU/j+kS+xL

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks