General

  • Target

    Seven.zip

  • Size

    1.1MB

  • Sample

    240428-kb466abf79

  • MD5

    82469ff13bbd49f839326be729227a2e

  • SHA1

    fbb8b6f46f987f091a6248cad0b55fe8286fa37d

  • SHA256

    8c7c4ffe7eee9ac2bc4ba972422e24fb26c624f0c6d26b5d4ac835df63062a48

  • SHA512

    150046dafc8ed6976e35fb57fee7ed0ada8c4b92c058e6ecb00119999e6cf5158472c1f11440225d96546672a3d630e52d9486d9ee71508587f08d904d967300

  • SSDEEP

    24576:r/2JQXpaY2iT5gWeWFuqr19lK4d4Dt6ugNvUHuVAayb80ruVHya:rLZpIUuqFvd4h6ugpUdaauVJ

Malware Config

Targets

    • Target

      Seven.dll

    • Size

      1.0MB

    • MD5

      78b453a2b0bb7474fdd7b37416dc2585

    • SHA1

      fdaf7fa35baf8abe4ce1bb1c5d03f9dd97e4029d

    • SHA256

      7fb8076488c55b4b832289a2c3ff8c5935416baa28e231070a8fb5abad372bf5

    • SHA512

      25bfed8458315f477b0a70aba352b8938bd68a6fdfd87196c3f89085cfe27842604765359db2b25d4b0588cbd09f9e7352986795755ad8b926d4cd43e3ba816e

    • SSDEEP

      24576:3AiJp0Ceit5KUeWhOqj17lY4dqDx++qNJCLuVuaAZmihU:b33kcOqHldqN++qDCNaSU

    Score
    1/10
    • Target

      Seven.exe

    • Size

      139KB

    • MD5

      6503f847c3281ff85b304fc674b62580

    • SHA1

      947536e0741c085f37557b7328b067ef97cb1a61

    • SHA256

      afd7657f941024ef69ca34d1e61e640c5523b19b0fad4dcb1c9f1b01a6fa166f

    • SHA512

      abc3b32a1cd7d0a60dd7354a9fcdff0bc37ec8a20bb2a8258353716d820f62d343c6ba9385ba893be0cca981bbb9ab4e189ccfeee6dd77cc0dc723e975532174

    • SSDEEP

      3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lto:miS4ompB9S3BZi0a1G78IVhcTct

    • Modifies Windows Defender Real-time Protection settings

    • UAC bypass

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Disables cmd.exe use via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Defense Evasion

Modify Registry

4
T1112

Impair Defenses

3
T1562

Disable or Modify Tools

3
T1562.001

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

1
T1005

Tasks