Overview

overview

7

Static

static

3

4c47c0a448...bb.zip

windows7-x64

1

4c47c0a448...bb.zip

windows10-2004-x64

1

wgsdgsdgdsgsd.exe

windows7-x64

7

wgsdgsdgdsgsd.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    4c47c0a448de02d094517440df4d9ebb

  • Size

    188KB

  • Sample

    240108-ybf18agahm

  • MD5

    4c47c0a448de02d094517440df4d9ebb

  • SHA1

    db2c62314997fb839a54ab795441271177009b9d

  • SHA256

    22c2749bcdd64ee3afc325f515bde77f16f7484eb8e30c51fff5ad9cb3c1947f

  • SHA512

    20de1db1c94ad959ce5a126e9bd253fc05992500d4af0858ab6733c45532e1409fbd564878ead50db69bc8449ea091dd38ae5aa762a8541f6ee975b9536ef9a0

  • SSDEEP

    3072:/PbuzvJ15jB3LW8018r+DOVib3265+R+CMrUjUUudn+OFysyniMxIU3tt0cMcNNI:Xb85I8NreO+3EQ8jUUS9ZXyt0rcNFn+j

Score
7/10
persistence

Malware Config

Targets

    • Target

      4c47c0a448de02d094517440df4d9ebb

    • Size

      188KB

    • MD5

      4c47c0a448de02d094517440df4d9ebb

    • SHA1

      db2c62314997fb839a54ab795441271177009b9d

    • SHA256

      22c2749bcdd64ee3afc325f515bde77f16f7484eb8e30c51fff5ad9cb3c1947f

    • SHA512

      20de1db1c94ad959ce5a126e9bd253fc05992500d4af0858ab6733c45532e1409fbd564878ead50db69bc8449ea091dd38ae5aa762a8541f6ee975b9536ef9a0

    • SSDEEP

      3072:/PbuzvJ15jB3LW8018r+DOVib3265+R+CMrUjUUudn+OFysyniMxIU3tt0cMcNNI:Xb85I8NreO+3EQ8jUUS9ZXyt0rcNFn+j

    Score
    1/10
    behavioral1behavioral2

    • Target

      wgsdgsdgdsgsd.exe

    • Size

      231KB

    • MD5

      83958cceb1f999ba2c7a74a41b65e528

    • SHA1

      0931d6872fc0f161b6b526605c233196b11f27f5

    • SHA256

      f15cadad17e1c67c984115d113ac2806c32131bb5170f524e4031e01c9808d9b

    • SHA512

      8df77821817858cd07b43eb9f802c8dc5c3964157d3792d13e535ea0bfd7a4ced119ff14f832157564b3bab8f0cfdd58d64339d5e52d10440a33798263ab1021

    • SSDEEP

      6144:5SAP3uarIOe3GQYjUUSDZvSt0rcNNn+VrNmtgFOQOxmZCfjTYSaTpd:5SS3XrIOebtdvLrGN8maFbdZ0jTYfTP

    Score
    7/10
    persistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks