General

  • Target: Seven.zip
  • Size: 1.1MB
  • Sample: 240428-kqfr4scb9w
  • MD5: 041c52fb40ed624159eceeb49dfa1a8a
  • SHA1: 1344e7dcac5205514c540a4c2f2cacda9c8d15bd
  • SHA256: 9ab6ff2c7ecf0bef297c8b0b58122c42e18e087665d043aff7a9d3d02641f86f
  • SHA512: f0873744d77000f4c95082245d38ef413822d6ea68c40b7e446a708021f23aad15e4193b1bcd4ae0aef5da45121d709e6f9220f2cacd8c9abc8572d2958c2d29
  • SSDEEP: 24576:rpEW6Xkuspb0ij5ELfW9mqbbLlQsdmDsWkzcVvmZBszSg9a9:rFzpbDQfMmqp9dmQWkzctm3SC

Malware Config

Targets

    • Target: Seven.dll
    • Size: 1.0MB
    • MD5: 29297b690d4bb0543d3e9ebbe1555d8f
    • SHA1: 847133ce34c5fc98e460793882a0aa20a9156805
    • SHA256: c0a2826eba6f61dbb8dd76bd6dd2459a2cf4849691edd8156333f22d403f6219
    • SHA512: 3b83c60518f1294660e63e7c88ed6368762f214b726e3837f93d7905910f66a2b310004c5c9f733961eb61c0ba3821501caba41952cd7fa5193bb5bc610bd66e
    • SSDEEP: 24576:kAiJNu23T0i558nhWjoqjbDlCsdU9sC+ZujdAhjANmgI:6L3TJyhmoq5ndUKC+Zu5AN

    Score: 1/10

    • Target: Seven.exe
    • Size: 139KB
    • MD5: 6503f847c3281ff85b304fc674b62580
    • SHA1: 947536e0741c085f37557b7328b067ef97cb1a61
    • SHA256: afd7657f941024ef69ca34d1e61e640c5523b19b0fad4dcb1c9f1b01a6fa166f
    • SHA512: abc3b32a1cd7d0a60dd7354a9fcdff0bc37ec8a20bb2a8258353716d820f62d343c6ba9385ba893be0cca981bbb9ab4e189ccfeee6dd77cc0dc723e975532174
    • SSDEEP: 3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8lto:miS4ompB9S3BZi0a1G78IVhcTct

    Signatures:
    • Modifies Windows Defender Real-time Protection settings
    • UAC bypass
    • Blocks application from running via registry modification
      Adds application to list of disallowed applications.
    • Disables RegEdit via registry modification
    • Disables Task Manager via registry modification
    • Disables cmd.exe use via registry modification
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Windows security modification
    • Checks whether UAC is enabled
    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (ATT&CK v13)

Listed per tactic as technique (ID): number of matches.

Persistence
  • Create or Modify System Process (T1543): 1
    • Windows Service (T1543.003): 1

Privilege Escalation
  • Create or Modify System Process (T1543): 1
    • Windows Service (T1543.003): 1
  • Abuse Elevation Control Mechanism (T1548): 1
    • Bypass User Account Control (T1548.002): 1

Defense Evasion
  • Modify Registry (T1112): 4
  • Impair Defenses (T1562): 3
    • Disable or Modify Tools (T1562.001): 3
  • Abuse Elevation Control Mechanism (T1548): 1
    • Bypass User Account Control (T1548.002): 1

Credential Access
  • Unsecured Credentials (T1552): 1
    • Credentials In Files (T1552.001): 1

Discovery
  • Query Registry (T1012): 4
  • System Information Discovery (T1082): 4

Collection
  • Data from Local System (T1005): 1

Tasks