Overview

overview

8

Static

static

3

10a63fb12b...e6.exe

windows7-x64

7

10a63fb12b...e6.exe

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Evase.ps1

windows7-x64

8

Evase.ps1

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    10a63fb12bcb5c72c8effdb907ecf4c5aceb8e4bf8808bac6465f9465f43a2e6.exe

  • Size

    356KB

  • Sample

    240316-chmaxshc7s

  • MD5

    2ce9926c9f6a60f0ce753bf7919261bf

  • SHA1

    c68a3d5d6f97fe0e9c6686252683086671de5b42

  • SHA256

    10a63fb12bcb5c72c8effdb907ecf4c5aceb8e4bf8808bac6465f9465f43a2e6

  • SHA512

    d040c2096c2fbd663471c7dd3cf2116888c57905b8422ce11c9bc32c9939b666890a1b068a6998b93c1fe90eca6e3d6ce3c49e740fd65adead9ad2caf1ecccb1

  • SSDEEP

    6144:foGzI1XpCBwJxO6miqt1Tu4hn6RyIhiYn8W2YBptQY74exJPWta:fbSCBwLO6BqtFn6ROo8W5ztQA42Psa

Score
8/10
persistence

Malware Config

Targets

    • Target

      10a63fb12bcb5c72c8effdb907ecf4c5aceb8e4bf8808bac6465f9465f43a2e6.exe

    • Size

      356KB

    • MD5

      2ce9926c9f6a60f0ce753bf7919261bf

    • SHA1

      c68a3d5d6f97fe0e9c6686252683086671de5b42

    • SHA256

      10a63fb12bcb5c72c8effdb907ecf4c5aceb8e4bf8808bac6465f9465f43a2e6

    • SHA512

      d040c2096c2fbd663471c7dd3cf2116888c57905b8422ce11c9bc32c9939b666890a1b068a6998b93c1fe90eca6e3d6ce3c49e740fd65adead9ad2caf1ecccb1

    • SSDEEP

      6144:foGzI1XpCBwJxO6miqt1Tu4hn6RyIhiYn8W2YBptQY74exJPWta:fbSCBwLO6BqtFn6ROo8W5ztQA42Psa

    Score
    7/10

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      fa299e199922b3ba833be655a8d71b75

    • SHA1

      4d74c53bb6927a2831df93af26f3e4e4fb007797

    • SHA256

      49a6a1c1f19574b2a247ce6c5adc0751e046d27c30912816ba415f871b74ae5d

    • SHA512

      7ceb64d3d826762994c48ffad3ad2234410cbcdbedfce9a2dc03d18915ce22d687173f90e954d7bdb0eae76954c360059ad761aedc48cd7fa4ec29d6094f6a65

    • SSDEEP

      96:v7fhZwXd8KgEbAa9PweF1WxD8ZLMJGgmkNO38:4N8KgWAuLWxD8ZAGgmkN

    Score
    3/10
    behavioral3behavioral4

    • Target

      Evase.Fag

    • Size

      44KB

    • MD5

      4b1cde30773cfe42d8ddd4a24c59399a

    • SHA1

      b3859a6fe0b39962cf38df5f66558b9d55bcb3cb

    • SHA256

      3761698e158636a22a815734694031ff8bc2397e27a23c19e8cb4b7241922d9f

    • SHA512

      37f25caeb8ecbd1cefc679c75b6e8d5b0473d1eeb96a9a7a9dc419d3768f861d3cbd9207f5faa9ea1995ff93f780cddcea224111c754d5066b5fc85325209ef8

    • SSDEEP

      768:cbO324Al+vmvBZu2hUjBlFXNUBLkRxA79AdLbPooBYqLIbuq2JS6/UzBf2n7laJB:cqLwvBZzhqB/NURJEPoiBLIq3Jz+f2RK

    Score
    8/10
    persistence

    • Modifies Installed Components in the registry

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks