930a232776aa5a29f512ea527432dd6252c09aa17be3b6be8aa54b25b0551496 | Triage

Sharing

General

Target

Seven.zip
Size

1.1MB
Sample

240427-hbb49sdg2y
MD5

30b4ee2c51ea48d27847563443f5ab64
SHA1

1dbb4f003a1e63cd43f9397db50a4a7f9e4fdb62
SHA256

930a232776aa5a29f512ea527432dd6252c09aa17be3b6be8aa54b25b0551496
SHA512

732eac24a2e2827aedd608cf1bdd87ed9552792191b055b5230c4a62fe83bf8fb04503d5e05eea5ee6c95fdbc5e55c5d3936a25ca30079d2fec152fde98cf544
SSDEEP

24576:BEqluRtEkif5QYC9qWRSqxvTlOId466DoJ2HRJe1bxK0i:BEtE3M4ASqrzd4VDocQi

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  Seven.dll
- Size
  
  1.0MB
- MD5
  
  d832a61f074dea6e3363481b1acb8d34
- SHA1
  
  5bc6f44ff2b8dae2651ed84dd79f37004005ace1
- SHA256
  
  9afb53e55c30374f958ed690963062f39537ff9838f220dde36c72340111d90d
- SHA512
  
  472cb69bd0f08d32dd7055794ad2d6f3804cca662bb7b4036e3dfad37168bce8b49ca66fd9bbf539e592e6ea1d885586849aa1ba89de195be1661534a39ac5a2
- SSDEEP
  
  24576:+AiJ5kIi35+mCVUWzUqjv3lmId+8E9WNoxl5Gb:6k/y2CUq5bd+V9Wa
Score

1^/10
behavioral1
- Target
  
  Seven.exe
- Size
  
  144KB
- MD5
  
  45d3f2bbb5b36bd3f1b7e5b751b8ff7f
- SHA1
  
  1506520299378908e2e9b31e771ec77b9de125c5
- SHA256
  
  04f732bb1c4dae8f8033e2acdd026f6ca291cce30d89829eef17bef6f9315693
- SHA512
  
  2d55c5f0da5d70321c5e2834335e3c2e1d76cb3a44fde74f724bcd7c467660c727ed36f022fa004b7c4360983b72bfed01d9e15fdb1b61c71ab489ef2fa7e708
- SSDEEP
  
  3072:6iS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lt+:6iS4ompB9S3BZi0a1G78IVhcTct
Score

10^/10

evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2