Overview

overview

10

Static

static

3

3827953289...4..exe

windows7-x64

10

3827953289...4..exe

windows10-1703-x64

10

3827953289...4..exe

windows10-2004-x64

10

3827953289...4..exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3827953289572398579235.mp4..exe

  • Size

    32KB

  • Sample

    240221-c3mgeshh6x

  • MD5

    4bc37d2f324907590321dcef8f5a1320

  • SHA1

    29b1973dbced366b91251b351e274fd996e8ade8

  • SHA256

    167d09acdc1b0bf9b7608dbe92acfe4f6893445881727d32624b3548e76958e4

  • SHA512

    b8e97180f7d00bad17054021a48444c93fb64429e43243296c8d425bb382bae74514255cd626d924d894a05093034e6818f36ba20361fb6ed19d5f17d553eed8

  • SSDEEP

    384:gV9bnHZbB1TpYJHMlZb/11xUjddIWm8FqXcfLc5IxmyO5RrzOm8asZTzzt1SEobr:gXTBpf/zxZWml6CelLJykJTu7

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      3827953289572398579235.mp4..exe

    • Size

      32KB

    • MD5

      4bc37d2f324907590321dcef8f5a1320

    • SHA1

      29b1973dbced366b91251b351e274fd996e8ade8

    • SHA256

      167d09acdc1b0bf9b7608dbe92acfe4f6893445881727d32624b3548e76958e4

    • SHA512

      b8e97180f7d00bad17054021a48444c93fb64429e43243296c8d425bb382bae74514255cd626d924d894a05093034e6818f36ba20361fb6ed19d5f17d553eed8

    • SSDEEP

      384:gV9bnHZbB1TpYJHMlZb/11xUjddIWm8FqXcfLc5IxmyO5RrzOm8asZTzzt1SEobr:gXTBpf/zxZWml6CelLJykJTu7

    Score
    10/10
    evasionpersistencetrojan

    • UAC bypass

      evasiontrojan

    • Blocklisted process makes network request

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

1
T1562.001

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks