d5a943566478d5a5b84998a7df515470d4ed2fef01c7ee2765ae49d75ce49860

General

Target

Seven.zip
Size

1.4MB
Sample

240430-cqlz5aab3t
MD5

a0cf463cb8fbd59b234d13abe4147bf0
SHA1

bdec9ee4d1ae13a69b6791aae8853adc4bee51c0
SHA256

d5a943566478d5a5b84998a7df515470d4ed2fef01c7ee2765ae49d75ce49860
SHA512

2aa4478b5b8ec747119f5d83ac3017a4dc9fe6767c5d497c3df505db0a4c2e4bdc731093a908c09f4997a136d835e29ab77d2f9f8bf197bbfa3a5622cdf2c717
SSDEEP

24576:aqpwsZSqj3XlkaZ67WlK9QxFn0mRMvsGlVCNdMTaUkdMiaU6YkFqRt7qhWH+vqe0:aqJZSqZ3ZuWmQDRMrdkdDaBYk2sXK

Score

10^/10

Malware Config

Targets

- Target
  
  Seven.dll
- Size
  
  1.3MB
- MD5
  
  7bd55e440685d7869576b1e803ee87dd
- SHA1
  
  7026e0907e2a89113aafa40e3171d66cc3b389ee
- SHA256
  
  dddf973ee34a2fa6e3308cb353ada6a2ed15920599537d05fd9357f03a4f97f7
- SHA512
  
  06a5c79fbc29413d3481a7742bd9c4d98b3748e266a1a94d47feab17378a86bfe8ef99d11094c39399e14935bb6fba12f25f33e44ccee8a5eee9f3fcc7655479
- SSDEEP
  
  24576:DAohisl0qjVhl2uZmDWdKF81F14QboviqTV8Br6Pyg+3WkaUmYcbWXttU1WF2vM5:Monl0qtbZ8WI8nboHJ+3XavYcCKnu
Score

1^/10
behavioral1 behavioral2
- Target
  
  Seven.exe
- Size
  
  139KB
- MD5
  
  350273e0d2e8a9ba5e37b791016112a0
- SHA1
  
  5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71
- SHA256
  
  27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba
- SHA512
  
  b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b
- SSDEEP
  
  3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct
Score

10^/10

evasion ransomware spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Renames multiple (281) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral3 behavioral4