General
- Target: 4f6475164641a853d65d964c6f5aa3743d8360f1ab70ecfdefa693f9375cfc3e
- Size: 360KB
- Sample: 240129-fgtv6aadg2
- MD5: 34505b8c7b36b13e6f0861c6626f4e59
- SHA1: d88c66638a7b99fad8df704c88ceb143cb75ddf1
- SHA256: 4f6475164641a853d65d964c6f5aa3743d8360f1ab70ecfdefa693f9375cfc3e
- SHA512: c2bce916ab34ff31cc06d32afa72d0bdd45ce83b7b6d98a40066800fd66acc62ef46647d65a1271e6c11eb13f363f5160bbacad8ce9c7406bd8e0c727c37d8ca
- SSDEEP: 6144:9/+Rtc4FksgTOzEV6zs1hfk8MIcG1Zb7d+0PuSCU4CzmJkdVds:Vh4FkRTOzEV6zs1hfk8oYVd+Dj4mYVds
Static task: static1
Behavioral task: behavioral1
- Sample: 4f6475164641a853d65d964c6f5aa3743d8360f1ab70ecfdefa693f9375cfc3e.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 4f6475164641a853d65d964c6f5aa3743d8360f1ab70ecfdefa693f9375cfc3e.exe
- Resource: win10-20231215-en
Malware Config
Targets
- Target: 4f6475164641a853d65d964c6f5aa3743d8360f1ab70ecfdefa693f9375cfc3e (360KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Modifies firewall policy service
- Modifies security service
- Disables taskbar notifications via registry modification
- Disables use of System Restore points
- Sets file execution options in registry
- Sets service image path in registry
- Checks BIOS information in registry (BIOS information is often read in order to detect sandboxing environments)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (2)
- Windows Service (2)
- Scheduled Task/Job (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
- Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (2)
- Windows Service (2)
- Scheduled Task/Job (1)