General

  • Target

    d3a1c240cb9aeea95a2b42f156e5bfce358980a70fa03185d22898120bb37e75

  • Size

    228KB

  • Sample

    240425-ea3n2sef67

  • MD5

    77baf2e77a5be6b1e765eb0cad6f72c7

  • SHA1

    e5640a82fd468ee5a8dc8e4e8019d52519f68d85

  • SHA256

    d3a1c240cb9aeea95a2b42f156e5bfce358980a70fa03185d22898120bb37e75

  • SHA512

    adcb1093b9da0af6d5dcc6a7ae26192f5c4b11adf2832456c73c6fb6c3df716e45e444d31306d23beebfb5f1d1d14d03894c4231b24d3a382fa8805a63a34a95

  • SSDEEP

    6144:sGiFR6zJ1IFZ8hQJUnjpQkRw4CQvoscWkpRQdHrts25l:sGi+zJ1IFehQs0jpRQdHry2

Score
10/10

Malware Config

Targets

    • Target

      d3a1c240cb9aeea95a2b42f156e5bfce358980a70fa03185d22898120bb37e75

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
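    Every behaviour listed above is observable in registry telemetry. The following Python triage rules are an added example, not part of this sandbox report and not code from the sample's analysis. They run over constructed registry event lines loosely modelled on Sysmon's registry fields (EventType, Image, TargetObject, Details); the QueryValue line assumes an API-monitor source, since Sysmon itself does not record value reads. The registry paths are the well-known locations behind each behaviour (the HKCU Run key for autostart, Explorer\Advanced\Hidden and ShowSuperHidden for hidden/system file visibility, Control Panel\International\Geo\Nation for the configured country code); the report does not say which exact values this sample wrote, so the event lines, the process name and the value names are constructed for illustration.

```python
"""Registry-based triage rules for the behaviours in a sandbox report.

Added example. Event lines are constructed (Sysmon-like fields); the page does
not state which exact registry values the sample touched.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Finding:
    rule: str
    attack_id: str   # ID taken from the report's ATT&CK matrix
    image: str
    target: str
    details: str


# Well-known locations behind each behaviour (assumed paths, see lead-in).
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
EXPLORER_HIDE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\"
    r"(Hidden|ShowSuperHidden)$", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Directories a dropper can write to without elevation.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData|Public)\\", re.I)
DWORD = re.compile(r"DWORD \(0x([0-9a-f]+)\)", re.I)


def parse_event(line: str) -> Dict[str, str]:
    """Parse one constructed 'Field=Value|Field=Value' registry event line."""
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def dword(details: str) -> Optional[int]:
    """Decode a Sysmon-style 'DWORD (0x...)' Details field, or None."""
    m = DWORD.search(details)
    return int(m.group(1), 16) if m else None


def evaluate(event: Dict[str, str]) -> List[Finding]:
    """Apply the rules to one parsed event."""
    etype = event.get("EventType", "")
    image = event.get("Image", "")
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    findings: List[Finding] = []

    if etype == "SetValue" and RUN_KEY.search(target):
        # Autostart entry; one pointing into a user-writable directory is the
        # "adds Run key" + "executes dropped EXE" combination.
        rule = "run_key_dropped_exe" if USER_WRITABLE.search(details) else "run_key_persistence"
        findings.append(Finding(rule, "T1547.001", image, target, details))

    m = EXPLORER_HIDE.search(target)
    if etype == "SetValue" and m:
        value = dword(details)
        name = m.group(1).lower()
        # Hidden=2 hides hidden items; ShowSuperHidden=0 hides protected OS files.
        # Values that make files *more* visible are not flagged.
        if (name == "hidden" and value == 2) or (name == "showsuperhidden" and value == 0):
            findings.append(Finding("explorer_hide_files", "T1564.001", image, target, details))

    if etype == "QueryValue" and GEO_NATION.search(target):
        findings.append(Finding("geo_nation_lookup", "T1082", image, target, details))

    return findings


def scan(lines: List[str]) -> List[Finding]:
    return [f for line in lines if line.strip() for f in evaluate(parse_event(line))]


def attack_ids(findings: List[Finding]) -> List[str]:
    return sorted({f.attack_id for f in findings})


# Constructed events: a dropped EXE in %TEMP% persisting, hiding files and
# reading the country code, plus two benign lines that must not fire.
SAMPLE_EVENTS = r"""
EventType=SetValue|Image=C:\Users\victim\AppData\Local\Temp\upd.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\upd|Details=C:\Users\victim\AppData\Local\Temp\upd.exe
EventType=SetValue|Image=C:\Users\victim\AppData\Local\Temp\upd.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000002)
EventType=SetValue|Image=C:\Users\victim\AppData\Local\Temp\upd.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden|Details=DWORD (0x00000000)
EventType=QueryValue|Image=C:\Users\victim\AppData\Local\Temp\upd.exe|TargetObject=HKU\S-1-5-21-1\Control Panel\International\Geo\Nation|Details=
EventType=SetValue|Image=C:\Windows\explorer.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000001)
EventType=SetValue|Image=C:\Program Files\Vendor\app.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\VendorApp|Details="C:\Program Files\Vendor\app.exe" /tray
""".strip().splitlines()


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.attack_id:10} {f.rule:22} {f.image} -> {f.target}")
```

    The Run key rule deliberately distinguishes a value that points into a user-writable directory from one that points into Program Files: both are the same ATT&CK sub-technique, but only the former matches the dropped-EXE pattern in this report, and a benign installer frequently produces the latter.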

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                 Technique                              ID          Count
Persistence            Boot or Logon Autostart Execution      T1547       1
                       Registry Run Keys / Startup Folder     T1547.001   1
Privilege Escalation   Boot or Logon Autostart Execution      T1547       1
                       Registry Run Keys / Startup Folder     T1547.001   1
Defense Evasion        Hide Artifacts                         T1564       1
                       Hidden Files and Directories           T1564.001   1
                       Modify Registry                        T1112       2
Discovery              Query Registry                         T1012       1
                       System Information Discovery           T1082       2

Tasks