General

  • Target

    798f0be3a04ddaf963514a2c6b35f1f7cd01ea4a6d0599b27f80ec47ecaf9a88

  • Size

    119KB

  • Sample

    240421-3ec6ysch3w

  • MD5

    0ede0cee607359910dbd3e5e5c915884

  • SHA1

    56ea11ac249a650914089223fac9a24329541d64

  • SHA256

    798f0be3a04ddaf963514a2c6b35f1f7cd01ea4a6d0599b27f80ec47ecaf9a88

  • SHA512

    10700f25243248ec9f1dfd5ae2764ebf06883e2820abab3acb8c69625e0ec538fda1ee1b98f5e535280129d5f85f28fd01174b8f7d86cc581027f69418583514

  • SSDEEP

    3072:XOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPh:XIs9OKofHfHTXQLzgvnzHPowYbvrjD/E

Score
10/10

Malware Config

Targets

    • Target

      798f0be3a04ddaf963514a2c6b35f1f7cd01ea4a6d0599b27f80ec47ecaf9a88

    Score
    9/10

    • UPX dump on OEP (original entry point)

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks