General

  • Target

    a9420ed28532014ee76241d5327face1334bc6b0709bc5fe92a14cf5e7e2a065

  • Size

    426KB

  • Sample

    240307-252fssgg49

  • MD5

    c83cfc6543628d983a5048685b251540

  • SHA1

    012d52e1795d7284876326585b316d58d43f9c12

  • SHA256

    a9420ed28532014ee76241d5327face1334bc6b0709bc5fe92a14cf5e7e2a065

  • SHA512

    716ef14b3c669e94067d16cf74ab48a9b818f744e4fba22bb33b12c9072c7dfee96a4a6a0dd8c05df4d4e54c25e68746791ebb9f72e1298bc74907395f0fb8e0

  • SSDEEP

    6144:x8AvJrkMF24NqmvkpW3otptcfOpkG4vy5xCoBkwxyQV3AV4iSe3/Bs1JvdvyIpkM:x8QrC96+Dt1kgJ7yQV3AV47JNyI+6L

Score
9/10

Malware Config

Targets

    • Detects executables (downloaders) containing URLs to raw contents of a paste

    • Detects executables referencing many IR and analysis tools

    • Modifies Installed Components in the registry

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks