General

  • Target

    de1792cd5db35411a3991f7c4c87cfb4

  • Size

    1.4MB

  • Sample

    240325-qggkyabg4w

  • MD5

    de1792cd5db35411a3991f7c4c87cfb4

  • SHA1

    6414b6f267e0a6de72351205438d2ced6c71dca1

  • SHA256

    9225244e3b4571da4574eaabb0f42bec343dbd9a6707128a1d45c77f3379ce23

  • SHA512

    9a57572cadbe97775c64e07ed4f690f44658cc29a6c12a3ad5b0602841bf8c681456360a088c1b920f9d79c9627a46610308d2b01abaab0d9fc558843bc545ea

  • SSDEEP

    12288:UZWtI6Rkzar+OZar+OZar+OZar+OZarys/o/2:UuhaWooooeOF

Score
10/10

Targets

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
