Overview

overview

10

Static

static

10

Roexec.exe

windows7-x64

7

Roexec.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Roexec.exe

  • Size

    106.5MB

  • Sample

    240405-kfl65sfd81

  • MD5

    f78425067178b650a4668ac7368aeb9a

  • SHA1

    91f4e24befa9463911d186956fee8d455093e726

  • SHA256

    f63347a35d9518619192197aa6eddc2dd5757aa21ae9a05e2318b0cd5207ce1b

  • SHA512

    a07ce938233ac0fa5ec251390651cf762da512f67f41c9b491832e2d35e04d2ffe4fc91b776edcd1edbca1386677823a9d7c76105359d4d0c766d96e9a9bb0c0

  • SSDEEP

    3145728:fcdZ4iS6xjKcBa6R2qHO5iI8QVnG0iWMsbB2Ox0nCW9:KVSWNa6HHCiwticBmC

Score
10/10
pysilonevasionpersistencepyinstaller

Malware Config

Targets

    • Target

      Roexec.exe

    • Size

      106.5MB

    • MD5

      f78425067178b650a4668ac7368aeb9a

    • SHA1

      91f4e24befa9463911d186956fee8d455093e726

    • SHA256

      f63347a35d9518619192197aa6eddc2dd5757aa21ae9a05e2318b0cd5207ce1b

    • SHA512

      a07ce938233ac0fa5ec251390651cf762da512f67f41c9b491832e2d35e04d2ffe4fc91b776edcd1edbca1386677823a9d7c76105359d4d0c766d96e9a9bb0c0

    • SSDEEP

      3145728:fcdZ4iS6xjKcBa6R2qHO5iI8QVnG0iWMsbB2Ox0nCW9:KVSWNa6HHCiwticBmC

    Score
    9/10
    evasionpersistencepyinstaller

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks