General

  • Target

    sample

  • Size

    5KB

  • Sample

    240415-p1n9fsef89

  • MD5

    2517f40d996e1dbfb77637c95a1eb856

  • SHA1

    b48415b910714fdff591b4ff9790f3eea3d6096e

  • SHA256

    933e984b31d9a82193b05eceded2a9b6c90d81b9a77397a962472ef4bf753846

  • SHA512

    593e3c14349c5ecf20e42811723ccc02adfa04b64a1e15c1722400de277538d8d7a4af89854b5deeac84383111207787086b388f0b9bb132093e1c435f0136ef

  • SSDEEP

    96:yNXOqgl1qKdXs2qItjIuaASu2l52W4aDZTb5HpHpHe6:yoqgl1NX1tMkyDZo6

Malware Config

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15