General

  • Target

    59cd7810b2ade259c8ca4367d56c16b1

  • Size

    115KB

  • Sample

    240114-aq38ashfe8

  • MD5

    59cd7810b2ade259c8ca4367d56c16b1

  • SHA1

    4b6e289d9c12eda3a4e17ca481f6ce4bea306cdf

  • SHA256

    dfa3efbd11baa46667fe85472b84301e1c99fba68087d1b5d7c0ad17295c31fb

  • SHA512

    8d39148b7be921676c87666503689d7cfc2c96cad26fea1cc810e887a563f2e99c28137074f7a8f5dcdd88cd6634237a2d34e30bc7546824f31e1096cea95e61

  • SSDEEP

    3072:JQIURUKx5MordTMT3twQWj1W/XtnJbitx089:Jvz86pOkzG

Score
7/10

Targets

    • Target

      59cd7810b2ade259c8ca4367d56c16b1

    Score
    7/10
    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • Target

      39e8d7e57cf5fe1ef5cc5c74a7c851f1.exe

    • Size

      146KB

    • MD5

      39e8d7e57cf5fe1ef5cc5c74a7c851f1

    • SHA1

      fb93c0169106065af4918621a31abad81a085262

    • SHA256

      a13505e3daddcb63051046479f0eaea1ae66bfcbfe616814cd8571ef23b460ff

    • SHA512

      c3f85c4ec92837c806217c2d4e4c9ecb343e8bd01bee1c269805436b1a71ca416b988a979b5ba4ff33898e624f8a992a225f9cee3517aa09ad1e144e2b1ace3e

    • SSDEEP

      3072:tF7s6mQxKmsYhnElI78fdV9z9gOEpaWDr:zssFsYhOs3

    Score
    5/10
    • Suspicious use of SetThreadContext
