General
Target: dc864cd8c60ae62c9de8a7bb7f2ce1cb
Size: 2.4MB
Sample: 240321-y3ebpshc75
MD5: dc864cd8c60ae62c9de8a7bb7f2ce1cb
SHA1: 3efc32b5630c132567c7042888ade059cd4dc2e8
SHA256: 116a01b1614550427748d89463cb0ef02561a0ac9dec0d76f82d5f45514aa1f0
SHA512: d9e21b941383add9dfe33c785518539d06f4e8bfb6b196095636d1c1e8d4afcb348cb550271c9646f8314aa6393702ca7eaa2019abd203466178af76c4b64ee7
SSDEEP: 49152:Ms7EUiXXzyYMtUF9wUg7BqVoBvW2CEvylKKZXFIiOe+qQGpy:MVXzEA9bg7kVo82qXFcay
Static task: static1
Behavioral task: behavioral1
Sample: dc864cd8c60ae62c9de8a7bb7f2ce1cb.exe
Resource: win7-20240221-en
Malware Config
Targets
Target: dc864cd8c60ae62c9de8a7bb7f2ce1cb
Size: 2.4MB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
- Checks for common network interception software: looks in the registry for tools like Wireshark or Fiddler that are commonly used to analyze network activity.
- Blocklisted process makes network request
- Drops file in Drivers directory
- Modifies Windows Firewall
- ACProtect 1.3x - 1.4x DLL software: detects a file packed with ACProtect software.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Browser Extensions (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (2)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Impair Defenses (1)
    Disable or Modify System Firewall (1)
  Modify Registry (4)