General

  • Target

    92437485dda44372ed6d0baa2e1ff1593e0d43e5c6ef20918a393d83153a1a94.exe

  • Size

    862KB

  • Sample

    240229-gadq2agb33

  • MD5

    b64f1f87fdc7e8bd3d053d058fc08f4e

  • SHA1

    c3ef7dfe21793f4c98a0b98fa0d8e9b4a00a884c

  • SHA256

    92437485dda44372ed6d0baa2e1ff1593e0d43e5c6ef20918a393d83153a1a94

  • SHA512

    d3962f5a5c312addfb5649ac1af87b9f9d58439995ae1392cb7ec142b2591dbab370fb0b4897dad748bb4575cfbe63bb93f35c74642ae0e467b3a0453bfd151b

  • SSDEEP

    12288:uJTQf8fr0Lblkgj88AXVLzmmbj01qfuhheB0GKc2XUJW+QiAukU30+9Ir/CSQf:CTQfgWkk8RRg1qI4qs0Uk+T/G/CJ

Score
7/10

Malware Config

Targets

    • Target

      92437485dda44372ed6d0baa2e1ff1593e0d43e5c6ef20918a393d83153a1a94.exe

    • Size

      862KB

    • MD5

      b64f1f87fdc7e8bd3d053d058fc08f4e

    • SHA1

      c3ef7dfe21793f4c98a0b98fa0d8e9b4a00a884c

    • SHA256

      92437485dda44372ed6d0baa2e1ff1593e0d43e5c6ef20918a393d83153a1a94

    • SHA512

      d3962f5a5c312addfb5649ac1af87b9f9d58439995ae1392cb7ec142b2591dbab370fb0b4897dad748bb4575cfbe63bb93f35c74642ae0e467b3a0453bfd151b

    • SSDEEP

      12288:uJTQf8fr0Lblkgj88AXVLzmmbj01qfuhheB0GKc2XUJW+QiAukU30+9Ir/CSQf:CTQfgWkk8RRg1qI4qs0Uk+T/G/CJ

    Score
    7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      2ae993a2ffec0c137eb51c8832691bcb

    • SHA1

      98e0b37b7c14890f8a599f35678af5e9435906e1

    • SHA256

      681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

    • SHA512

      2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

    • SSDEEP

      192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn

    Score
    3/10

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      b648c78981c02c434d6a04d4422a6198

    • SHA1

      74d99eed1eae76c7f43454c01cdb7030e5772fc2

    • SHA256

      3e3d516d4f28948a474704d5dc9907dbe39e3b3f98e7299f536337278c59c5c9

    • SHA512

      219c88c0ef9fd6e3be34c56d8458443e695badd27861d74c486143306a94b8318e6593bf4da81421e88e4539b238557dd4fe1f5bedf3ecec59727917099e90d2

    • SSDEEP

      96:U7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNN3e:mXhHR0aTQN4gRHdMqJVgNE

    Score
    3/10

MITRE ATT&CK Enterprise v15