General

  • Target

    949058f85290c68b2446353f2c9c95e433c2355bc5b330d4db24b5fcabd96e12

  • Size

    684KB

  • Sample

    240326-bzkb8abd36

  • MD5

    a2c0e611108d2a115ed55d83ee2e757f

  • SHA1

    b1c4956ec950233746c6bf57145d1a2bd72f8f65

  • SHA256

    949058f85290c68b2446353f2c9c95e433c2355bc5b330d4db24b5fcabd96e12

  • SHA512

    61330dfc2ea1fcea1f7372d5ac5ddb36020a8c0ad3ada40e1e06af3ffa35f6b21927f3f0bf4baf35becff5325b0ec7254ec981c3fba95a56a783af208aaf5884

  • SSDEEP

    12288:FLTA8PHO5mU0It6pJfZcQYGxyIQTQVjcVqorCGZxfELMsjiI36:9TA8PO5mU16pJfnYGxbWWgUo+Yss

Score
8/10

Malware Config

Targets

    • Target

      949058f85290c68b2446353f2c9c95e433c2355bc5b330d4db24b5fcabd96e12

    • Size

      684KB

    • MD5

      a2c0e611108d2a115ed55d83ee2e757f

    • SHA1

      b1c4956ec950233746c6bf57145d1a2bd72f8f65

    • SHA256

      949058f85290c68b2446353f2c9c95e433c2355bc5b330d4db24b5fcabd96e12

    • SHA512

      61330dfc2ea1fcea1f7372d5ac5ddb36020a8c0ad3ada40e1e06af3ffa35f6b21927f3f0bf4baf35becff5325b0ec7254ec981c3fba95a56a783af208aaf5884

    • SSDEEP

      12288:FLTA8PHO5mU0It6pJfZcQYGxyIQTQVjcVqorCGZxfELMsjiI36:9TA8PO5mU16pJfnYGxbWWgUo+Yss

    Score
    7/10

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Refugium/Forurettelsen/Picador.ind

    • Size

      56KB

    • MD5

      107f2d51a1a9d4e0423e5ac5cef1b21c

    • SHA1

      3b074e4957f9240abdf5f5a61c8a1dda331dc29a

    • SHA256

      2a558e54310f4bb0f99f640b9b49e997c1ba5982e0fe53081ed1fdeee2e6263a

    • SHA512

      b827f8ac5a5e27e9ee448a109227f8fbbcc3f6a627a668d101689246fe0495f94fcec39c719d49895f7831a8f165b823e6d4b22651008476ae5302c79bdc2b6b

    • SSDEEP

      1536:VwO4zf5tAtrOTq3GCllPOa33mx/Hd3t5DxPynVfVt:eO4zf/U3GClgcGLW

    Score
    8/10

    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks