General

  • Target

    7602976ac25e5cd58bf03f305e7f5412

  • Size

    753KB

  • Sample

    240126-bqfyfabcd9

  • MD5

    7602976ac25e5cd58bf03f305e7f5412

  • SHA1

    a805523bebfaf1f4eead91839d17e641b87dcad1

  • SHA256

    59d27d4aa9ad970e1e4ff09a1f66583cfd18c2c1495c802a05831b5c685011aa

  • SHA512

    49115f2935296e7efd4a2d0a8ff417fb2565e328ee59004bed3524ab76f7b5ae5bb56040212ddc6e2fd205f31dd92b667da596a2d9e2d5cf3468b2510f15280c

  • SSDEEP

    6144:wpqoa8aLiC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcVYnCV:wpqiC/2OGAtkCP4cejGSOpRKCCGY

Score
10/10

Malware Config

Targets

    • Target

      7602976ac25e5cd58bf03f305e7f5412

    • Modifies WinLogon for persistence

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
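
The signatures above name behaviours, not the exact registry values and files behind them. As an added example (not part of this sandbox report and not the sample's own code), the Python below maps the registry and file signatures to concrete checks and runs them over Sysmon-style events. The event records, process path, user SID and value names are constructed for illustration; the Winlogon defaults assume a stock Windows install. The drive-enumeration and AutoIt signatures are not modelled here because neither is visible in a single registry or file event.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Signature names exactly as they appear on the report.
SIG_WINLOGON = "Modifies WinLogon for persistence"
SIG_REGEDIT = "Disables RegEdit via registry modification"
SIG_TASKMGR = "Disables Task Manager via registry modification"
SIG_RUNKEY = "Adds Run key to start application"
SIG_AUTORUN = "Drops autorun.inf file"

# Default data for the Winlogon values malware commonly hijacks (assumed stock-install
# defaults). Anything else means a payload was appended or swapped in.
WINLOGON_DEFAULTS = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe,",
}


@dataclass
class Event:
    event_id: int      # Sysmon numbering: 13 = RegistryEvent (value set), 11 = FileCreate
    image: str         # process that performed the action
    target: str        # TargetObject (registry path incl. value name) or TargetFilename
    details: str = ""  # registry value data as Sysmon formats it


def _dword(details):
    """Parse Sysmon's 'DWORD (0x00000001)' form or a bare integer; None if not numeric."""
    m = re.search(r"0x([0-9a-f]+)", details, re.I)
    if m:
        return int(m.group(1), 16)
    s = details.strip()
    return int(s) if s.isdigit() else None


def classify(ev):
    """Return the list of report signatures a single event would trigger."""
    hits = []
    t = ev.target.lower()
    name = t.rsplit("\\", 1)[-1]  # value name (registry) or file name (file event)
    if ev.event_id == 13:
        # Winlogon\Shell or \Userinit changed away from its default value.
        if "\\currentversion\\winlogon\\" in t and name in WINLOGON_DEFAULTS:
            if ev.details.strip().lower() != WINLOGON_DEFAULTS[name]:
                hits.append(SIG_WINLOGON)
        # Explorer policy DWORDs under HKLM or HKU\<SID>, set to 1.
        if "\\currentversion\\policies\\system\\" in t:
            if name == "disableregistrytools" and _dword(ev.details) == 1:
                hits.append(SIG_REGEDIT)
            if name == "disabletaskmgr" and _dword(ev.details) == 1:
                hits.append(SIG_TASKMGR)
        # Any non-empty value written directly under ...\CurrentVersion\Run or \RunOnce.
        if re.search(r"\\currentversion\\run(once)?\\[^\\]+$", t) and ev.details.strip():
            hits.append(SIG_RUNKEY)
    elif ev.event_id == 11 and name == "autorun.inf":
        hits.append(SIG_AUTORUN)
    return hits


def scan(events):
    """Group matching events by signature: {signature: [(image, target), ...]}."""
    findings = defaultdict(list)
    for ev in events:
        for sig in classify(ev):
            findings[sig].append((ev.image, ev.target))
    return dict(findings)


# Constructed sample events (hypothetical dropper path and SID; not from the report).
DROPPER = r"C:\Users\lab\AppData\Roaming\svchost.exe"
HKU = r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICY = HKU + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
SAMPLE_EVENTS = [
    Event(13, DROPPER, WINLOGON + r"\Shell", "explorer.exe, " + DROPPER),
    Event(13, DROPPER, POLICY + r"\DisableRegistryTools", "DWORD (0x00000001)"),
    Event(13, DROPPER, POLICY + r"\DisableTaskMgr", "DWORD (0x00000001)"),
    Event(13, DROPPER, HKU + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater", DROPPER),
    Event(11, DROPPER, r"E:\autorun.inf"),
    # Benign noise that must not fire: default Shell value, policy reset to 0, ordinary file.
    Event(13, r"C:\Windows\System32\svchost.exe", WINLOGON + r"\Shell", "explorer.exe"),
    Event(13, r"C:\Windows\System32\gpupdate.exe", POLICY + r"\DisableTaskMgr", "DWORD (0x00000000)"),
    Event(11, r"C:\Windows\explorer.exe", r"C:\Users\lab\Documents\notes.txt"),
]

if __name__ == "__main__":
    for sig, where in scan(SAMPLE_EVENTS).items():
        print(sig)
        for image, target in where:
            print(f"    {image} -> {target}")
```

On a real host the same checks apply to Sysmon event IDs 11 and 13 exported from the event log or an EDR; the Winlogon comparison is the one most worth tuning, since some legitimate software legitimately appends to Userinit.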

MITRE ATT&CK Enterprise v15

Tasks