General

  • Target

    0fb125f6dee22c11d69333e1f5cb44f49fb8ead8ccb26006f185511cfc685f53

  • Size

    352KB

  • Sample

    240421-xdyhlshf9w

  • MD5

    136ba111267fa49852d929ab573be756

  • SHA1

    ce6afb6ae35bf050327a28770280391da4e54f54

  • SHA256

    0fb125f6dee22c11d69333e1f5cb44f49fb8ead8ccb26006f185511cfc685f53

  • SHA512

    7b6d4496914cfd23b87f2ca3e814f5c1ab3c967715becb02059c890e55ce7eb07a2ddc4c29798c8b4e73a1667dd8ca4a1950f3840584460bbd05de0cf690eb39

  • SSDEEP

    6144:KIs9OKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPFsEPAsKCe8i:nKofHfHTXQLzgvnzHPowYbvrjD/L7QPs

Score
10/10
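The hashes above are the only file-level indicators this report carries. The following is an added example, not code from the report or the sandbox vendor: it hashes a suspect file once with all four algorithms, checks the indicators themselves for being well-formed hex of the right length (a common source of silent misses when IOCs are copied around), and returns which algorithms matched. ssdeep is not in the Python standard library and is deliberately left out; fuzzy matching would need the ssdeep or ppdeep package. The "stand-in" bytes are constructed for the demo and are not the real sample.

```python
"""Check a file against the digests reported for this sample.

Added example for this report, not code from the sandbox vendor. Reads the
file once, feeding every chunk to MD5, SHA-1, SHA-256 and SHA-512, and
reports which of the indicators above it matches.
"""
import hashlib
import io
from typing import BinaryIO, Dict, Set

# Indicators copied from the report above, keyed by hashlib algorithm name.
REPORT_IOCS: Dict[str, str] = {
    "md5": "136ba111267fa49852d929ab573be756",
    "sha1": "ce6afb6ae35bf050327a28770280391da4e54f54",
    "sha256": "0fb125f6dee22c11d69333e1f5cb44f49fb8ead8ccb26006f185511cfc685f53",
    "sha512": "7b6d4496914cfd23b87f2ca3e814f5c1ab3c967715becb02059c890e55ce7eb07a2ddc4c29798c8b4e73a1667dd8ca4a1950f3840584460bbd05de0cf690eb39",
}

# Hex-digest lengths per algorithm; anything else is a mangled indicator.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_CHARS = set("0123456789abcdef")


def validate_iocs(iocs: Dict[str, str]) -> Dict[str, str]:
    """Lower-case the indicators and reject any that are not hex of the right length."""
    clean: Dict[str, str] = {}
    for algo, value in iocs.items():
        v = value.strip().lower()
        if algo not in DIGEST_HEX_LEN or len(v) != DIGEST_HEX_LEN[algo] or not set(v) <= HEX_CHARS:
            raise ValueError(f"malformed {algo} indicator: {value!r}")
        clean[algo] = v
    return clean


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 16) -> Dict[str, str]:
    """Read the stream once, feeding every chunk to all four hashers."""
    hashers = {algo: hashlib.new(algo) for algo in DIGEST_HEX_LEN}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return digest_stream(f)


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str]) -> Set[str]:
    """Return the algorithms on which the file equals the indicator (empty set: no match)."""
    return {algo for algo, value in validate_iocs(iocs).items() if digests.get(algo) == value}


def is_reported_sample(digests: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> bool:
    """Identity decision: require a SHA-256 or SHA-512 match. MD5 and SHA-1 are
    not collision-resistant, so a match on them alone is weaker evidence."""
    return bool(match_iocs(digests, iocs) & {"sha256", "sha512"})


def constructed_stand_in() -> bytes:
    """Constructed 64-byte stand-in (a bare MZ header); not the real sample."""
    return b"MZ" + b"\x00" * 62


if __name__ == "__main__":
    import sys
    d = digest_file(sys.argv[1]) if len(sys.argv) > 1 else digest_bytes(constructed_stand_in())
    print("matches:", sorted(match_iocs(d, REPORT_IOCS)), "reported sample:", is_reported_sample(d))
```

Run it with a path argument to check a file on disk; with no argument it hashes the constructed stand-in and reports no match. Treat an MD5-only or SHA-1-only hit as a lead to verify, not as identification.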

Targets

    • Target

      0fb125f6dee22c11d69333e1f5cb44f49fb8ead8ccb26006f185511cfc685f53 (352KB; the same file as under General, with the MD5, SHA1, SHA256, SHA512 and SSDEEP values listed there)

    Score
    9/10
    • UPX dump on OEP (original entry point)

      The sample is UPX-packed; the sandbox dumped the unpacked image once execution reached the original entry point.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software. This is a static packer/protector signature match on the file, not an observed behaviour.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Persistence: a value under a ...\CurrentVersion\Run key starts the dropped program at logon.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
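The behavioural signatures above (file drop in System32, Run-key persistence, execution of a dropped EXE, loading of a dropped DLL) are the ones a defender can re-derive from endpoint telemetry. The following is an added example, not code from the report or the sandbox vendor: it walks Sysmon-style events in time order, remembers every file the sample creates, and ties later process-create and image-load events back to those files. The event lines are constructed for the demo in a simplified pipe-delimited form (EventID|key=value|...), and every path and registry value in them is invented for illustration; none is an indicator from this sample. Sysmon does not log registry reads, so the drive-mapping signature cannot be derived from these events and is left out.

```python
"""Re-derive the report's behavioural signatures from Sysmon-style events.

Added example, not from the original report or the sandbox vendor. Sysmon
event IDs used: 1 process create, 7 image load, 11 file create, 13 registry
value set. Registry reads (the drive-mapping signature) are not logged by
Sysmon, so that behaviour is not derivable here.
"""
from typing import Dict, Iterable, List, Set

# Constructed events in a simplified form; all paths and names are invented.
CONSTRUCTED_EVENTS = r"""
1|pid=4012|image=C:\Users\user\Desktop\sample.exe|parent=C:\Windows\explorer.exe
11|pid=4012|image=C:\Users\user\Desktop\sample.exe|target=C:\Windows\System32\wupdsvc.exe
11|pid=4012|image=C:\Users\user\Desktop\sample.exe|target=C:\Users\user\AppData\Local\Temp\helper.dll
13|pid=4012|image=C:\Users\user\Desktop\sample.exe|target=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wupdsvc|details=C:\Windows\System32\wupdsvc.exe
1|pid=5120|image=C:\Windows\System32\wupdsvc.exe|parent=C:\Users\user\Desktop\sample.exe
7|pid=5120|image=C:\Windows\System32\wupdsvc.exe|loaded=C:\Users\user\AppData\Local\Temp\helper.dll
7|pid=5120|image=C:\Windows\System32\wupdsvc.exe|loaded=C:\Windows\System32\kernel32.dll
"""

SYSTEM32_PREFIX = "c:\\windows\\system32\\"
RUN_KEY_MARKER = "\\currentversion\\run\\"


def parse_events(text: str) -> List[Dict[str, str]]:
    """Parse 'EventID|k=v|k=v' lines into dicts; the EventID is stored under 'id'."""
    events: List[Dict[str, str]] = []
    for line in text.strip().splitlines():
        fields = line.split("|")
        ev = {"id": fields[0].strip()}
        for kv in fields[1:]:
            key, _, value = kv.partition("=")
            ev[key.strip()] = value.strip()
        events.append(ev)
    return events


def norm(path: str) -> str:
    """Windows paths and registry keys are case-insensitive; compare lower-cased."""
    return path.strip().lower()


def derive_signatures(events: Iterable[Dict[str, str]]) -> Dict[str, List[str]]:
    """One forward pass over time-ordered events. Files created (ID 11) are
    remembered so that a later process create (ID 1) or image load (ID 7) of
    the same path can be labelled as executing or loading a dropped file."""
    dropped: Set[str] = set()
    hits: Dict[str, List[str]] = {}

    def hit(name: str, evidence: str) -> None:
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        eid = ev["id"]
        if eid == "11":
            target = norm(ev.get("target", ""))
            dropped.add(target)
            if target.startswith(SYSTEM32_PREFIX):
                hit("Drops file in System32 directory", ev["target"])
        elif eid == "13":
            if RUN_KEY_MARKER in norm(ev.get("target", "")):
                hit("Adds Run key to start application", f'{ev["target"]} = {ev.get("details", "")}')
        elif eid == "1":
            if norm(ev.get("image", "")) in dropped:
                hit("Executes dropped EXE", ev["image"])
        elif eid == "7":
            if norm(ev.get("loaded", "")) in dropped:
                hit("Loads dropped DLL", ev["loaded"])
    return hits


if __name__ == "__main__":
    for name, evidence in derive_signatures(parse_events(CONSTRUCTED_EVENTS)).items():
        print(f"{name}: {evidence}")
```

The correlation only works on time-ordered events: the drop must be seen before the execute or load, which real Sysmon or EDR logs satisfy. Note that kernel32.dll is loaded by the dropped process but is not reported, because only files the sample itself created count as "dropped".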

MITRE ATT&CK Enterprise v15