Overview

overview

10

Static

static

3

Seven.exe

windows10-2004-x64

1

Seven.exe

windows10-2004-x64

10

runtimes/w...og.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Seven.zip

  • Size

    1.2MB

  • Sample

    240427-zths7sgd44

  • MD5

    d9cf170636b9a430c624813619e3c168

  • SHA1

    2b17ffbb3ab2a3f4317f7fd75f633d64bbceb4eb

  • SHA256

    7a9903545d5426f33643b14a9bf96ae3835cdab512a6328d71f4b48e53d61e2d

  • SHA512

    fb1310e98a1e2247ac9a438d4971a82770304820fb4c3c972e959b4e153dacae4a7c7020e0ee7abac400c13789c53f424ebfa236b4665bd4bf3e5e12d2c2d665

  • SSDEEP

    24576:tV0Fu59cTU7YGubhiiR5epJtWbOq57FlUqdKZiD9O9bGZuiIUs+0:tV0c5b7Y5hP0TaOqJDdKO9O9OuF

Score
10/10
evasionspywarestealertrojan

Malware Config

Targets

    • Target

      Seven.dll

    • Size

      1.0MB

    • MD5

      b6600bfb25a96266f32fc970c5f81af7

    • SHA1

      ec4d666fb864d209cfb537191c6344c75b60b35f

    • SHA256

      c522f6ff1e29c962afc5341090f4a5935a9e91ab420cb540ad5654c74f19a79a

    • SHA512

      3c237be55bb244782041d338fd789cf422975c88905f7a3153ccedaa3a4bd8e7aefa87409168bd11a6fdab77a750625f42bf177cafc73e6303264b3ef85d6036

    • SSDEEP

      24576:MAiJRmKabhoiT5mpV5Wfkqj7fl2qd8/eX58F7IZGAOKUJ:WmDh7MX2kq9Nd8O581gG9

    Score
    1/10
    behavioral1

    • Target

      Seven.exe

    • Size

      139KB

    • MD5

      6503f847c3281ff85b304fc674b62580

    • SHA1

      947536e0741c085f37557b7328b067ef97cb1a61

    • SHA256

      afd7657f941024ef69ca34d1e61e640c5523b19b0fad4dcb1c9f1b01a6fa166f

    • SHA512

      abc3b32a1cd7d0a60dd7354a9fcdff0bc37ec8a20bb2a8258353716d820f62d343c6ba9385ba893be0cca981bbb9ab4e189ccfeee6dd77cc0dc723e975532174

    • SSDEEP

      3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lto:miS4ompB9S3BZi0a1G78IVhcTct

    Score
    10/10
    evasionspywarestealertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Disables cmd.exe use via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral2

    • Target

      runtimes/win/lib/netcoreapp2.0/System.Diagnostics.EventLog.dll

    • Size

      127KB

    • MD5

      9fb98981ec44d65d5a8fd867d7704dfb

    • SHA1

      7558a89c885ebad2fe4fdec28c1eb7235a751c7d

    • SHA256

      351f8619c3dafbad38ac8c89349b4c15073a944b2906b42cc7efe6353d21a985

    • SHA512

      b0226ad2487ee124953205079f7d13efdd8c4ec92a184a5687607ce78022ce5899bf079aff7a04685b5c44798483642f0996871ceebe094d8965d6ecf1833576

    • SSDEEP

      3072:GH/D1R8EYgMivs+qA8fb/+kPbPH5+LKlwnO4S5llBkQ7cEZ7A:GrQLgMivs+qdb/+kPl+4p4Sb7HZ7

    Score
    1/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks