Overview

overview

9

Static

static

3

Seven.exe

windows10-2004-x64

1

Seven.exe

windows11-21h2-x64

1

Seven.exe

windows10-2004-x64

9

Seven.exe

windows11-21h2-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Seven.zip

  • Size

    1.4MB

  • Sample

    240430-ck3exshd67

  • MD5

    a38866194ee654afef644494f9d7a5ed

  • SHA1

    d99a813a6865de4beb0be335e435e223c99358ea

  • SHA256

    6d12b45ec2b83e8832ece498476a6e09aa860a16c40b62735d2e8afd6b5fba9c

  • SHA512

    4521b811eb1e35121dfadbaf89c1690d4382c211a3f1eeadeba43bc7748a1fae06d622a4ecd1fe6f241cee49af168ff07aa5195fff308b07e3db9adb987146dc

  • SSDEEP

    24576:Q52Cxgqj1PlS27gepp0DdaHFrayvQvbpVGt3Cq0MHZTMAQ+AGxq9L98PWLh41i:QJxgqfV7fyda7vQzEHZ4A1AG4mPsN

Score
9/10
ransomwarespywarestealer

Malware Config

Targets

    • Target

      Seven.dll

    • Size

      1.3MB

    • MD5

      98d5378860de3a83e284307e80a75eac

    • SHA1

      8c168d31328c8ac977b33d78ab1473b1a8ddf52c

    • SHA256

      462bca7ef58e21fc161725f4f673642e294fcb73d4a55da602cd08c858bf5afa

    • SHA512

      bde74c85f9a536030a3c8b6d4b3fa353ca4758c62745311bf46ae000c2f4eff62643ce2f8b7969a8ee8bb7a4cff6829adbde81106169feed76c8d5b17b0b7c8d

    • SSDEEP

      24576:vpiCloqjVHlCu7UkpL0z9ohF9qwHWv3TVI/L6Mmgj3fcAUQAcNKVLDonWRpI:vxloq737Be9otHWPmj30AJAcwMnc

    Score
    1/10
    behavioral1behavioral2

    • Target

      Seven.exe

    • Size

      139KB

    • MD5

      350273e0d2e8a9ba5e37b791016112a0

    • SHA1

      5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71

    • SHA256

      27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba

    • SHA512

      b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b

    • SSDEEP

      3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct

    Score
    9/10
    ransomwarespywarestealer

    • Renames multiple (265) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks