Overview

overview

8

Static

static

3

0e9fa391b4...3a.dll

windows7-x64

8

0e9fa391b4...3a.dll

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0e9fa391b449719565a188b51105913a

  • Size

    169KB

  • Sample

    231230-e686psgdd4

  • MD5

    0e9fa391b449719565a188b51105913a

  • SHA1

    845b9d1b5d2fcbf23333aa577cb18ccbaed3821b

  • SHA256

    e9063e847f506e45000ee8f983b3db62bc19f2e7fa79edc18f7b8162b6dfe46c

  • SHA512

    01a4f7b305e2fdae2b18dac6f6d29b74299dc5e341e386b912df5f7dc5deb0de1c97e821abf9a9a7b80ef74d296c95b7775e5df26319f1639ccf5390bada72e9

  • SSDEEP

    3072:h58nVS9CNRMrdfbkqaX9y8lJupNO2hOtvncB4SMM99QmVK9yB4U:hmVMCTMrdbWQ8lJ4NO2hOtvLTm0yB

Score
8/10
persistence

Malware Config

Targets

    • Target

      0e9fa391b449719565a188b51105913a

    • Size

      169KB

    • MD5

      0e9fa391b449719565a188b51105913a

    • SHA1

      845b9d1b5d2fcbf23333aa577cb18ccbaed3821b

    • SHA256

      e9063e847f506e45000ee8f983b3db62bc19f2e7fa79edc18f7b8162b6dfe46c

    • SHA512

      01a4f7b305e2fdae2b18dac6f6d29b74299dc5e341e386b912df5f7dc5deb0de1c97e821abf9a9a7b80ef74d296c95b7775e5df26319f1639ccf5390bada72e9

    • SSDEEP

      3072:h58nVS9CNRMrdfbkqaX9y8lJupNO2hOtvncB4SMM99QmVK9yB4U:hmVMCTMrdbWQ8lJ4NO2hOtvLTm0yB

    Score
    8/10
    persistence

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks