General

  • Target

    27adeb2ed76744408ddd0067d9368e67b8d653ab325acf8d46eff6f0ae0dff40

  • Size

    127KB

  • Sample

    240421-yk7kjaba2x

  • MD5

    2ddd44d4b370a0161ce4c4edf79c29b6

  • SHA1

    5b2589f05654fa5c63d949ae734f5ecac279ab4c

  • SHA256

    27adeb2ed76744408ddd0067d9368e67b8d653ab325acf8d46eff6f0ae0dff40

  • SHA512

    4f76aa0daa3ee476759294b7e5de083bce0dc80e6ac627869be1279126353bc833dc0c0977342834366e8f274cff1c14ad89e238175a73cd99f75a9f1cc4d871

  • SSDEEP

    3072:qOjWuyt0ZHqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPL:qIH9OKofHfHTXQLzgvnzHPowYbvrjD/O

Score
10/10

Malware Config

Targets

    • Target

      27adeb2ed76744408ddd0067d9368e67b8d653ab325acf8d46eff6f0ae0dff40

    Score
    9/10

    • UPX dump on OEP (original entry point)

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks