Overview

overview

10

Static

static

3

4e5fcc7882...02.exe

windows7-x64

10

4e5fcc7882...02.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b59631e064541c8651576128708e50f9.bin

  • Size

    4.5MB

  • Sample

    240324-d214vsbg6z

  • MD5

    55d3d8af0e1cdbed5cc0d0eab615dde7

  • SHA1

    e0bb3fa8f6d195c2095d3a8cfef2d6cc81ae42d2

  • SHA256

    dc7024607d07710c6dbd48c06087e01db216644fef2d20aa717f61814d0ca02e

  • SHA512

    661bff09155a5885057a791fccb8141ee0126339e7f20524f415dae53caba88a39910cca1da1a6c621953c6bb7d8922c64e014dee9cbf96e37d5f5832191988b

  • SSDEEP

    98304:OnS+mOtgGa/XnOWJLt1kFWPaQAmpny4s8MboGqlDyOKq/bpyb/BbT352uiSf:+VgGamOL3k/0ylJoGa/UdThnf

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002.exe

    • Size

      5.3MB

    • MD5

      b59631e064541c8651576128708e50f9

    • SHA1

      7aae996d4990f37a48288fa5f15a7889c3ff49b3

    • SHA256

      4e5fcc788287580ed19402eadaab8c69ca5f0a904ead605153feb534bbe87002

    • SHA512

      571a06f0ec88fe3697388195dd0a7f7e8d63945748855d928fb5005b51fd2c2baea1a63bd871ed0cfade5eabb879f577b7b04f9cd4d1222de52da641feee1f92

    • SSDEEP

      98304:69w8PMOW9ZI6aO7sd/mzt5mAiN1vw+/YR8ov/bkMJmJZNOnTdjyip:ndIV0G/mzsN1vl/YRV4MY9OnTdjy

    Score
    10/10
    evasionpersistence

    • Modifies security service

      evasion

    • Creates new service(s)

      persistence

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Stops running service(s)

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks