48f474b60b126daca92a3a90af6209d84233f716aaf7d794f33051a9611f48c4

General

Target

Seven.zip
Size

1.4MB
Sample

240430-cyyznahg85
MD5

b0e31d0a69b599bb4ad62fc071aca989
SHA1

7db13573f7eb58729fc4f2ac30bce3f3159e2aa6
SHA256

48f474b60b126daca92a3a90af6209d84233f716aaf7d794f33051a9611f48c4
SHA512

6ea7b8fd9d39d51eeb3b12d7c99bd6c1353b6a10033fd264e31bbcd2a97f7640fce4dd46d93ca12c462779afdf477691e9de51bc3c0faea61190479106424410
SSDEEP

24576:sDECNmmlGqjdTl06bLO12hFj7cDCvItViJRq3YmhjsG02g4eroYKZ9gHDxWLPfce:WDhlGqL/bI2EDCALhj30V4er4A1/VI

Score

10^/10

Malware Config

Targets

- Target
  
  Seven.dll
- Size
  
  1.3MB
- MD5
  
  aeb701a9583902897e1677fe2dcc6c86
- SHA1
  
  4ef27b369d36b3a7b28d4814015203255a325854
- SHA256
  
  e4ea46499fffad7ca2c2b25ff097ebdbf3219ce861f287887f4ee77b30912ee0
- SHA512
  
  80bf58d6cc11d6e65008d28c2cc001692356c364d1488e885c29f55db82ccdbbc8ac23a8a77b8154e5167dd894d0bf169986cc76f6b5a27b04393a45fe89a25a
- SSDEEP
  
  24576:1OC7iml+qjVdlqubPE7ORFL1Q1AvUTV6776NWg13cu0Ug4cboYAv9SHDLWNrl:1t3l+qxfbMOS1Asz13j0V4cbsqv
Score

1^/10
behavioral1 behavioral2
- Target
  
  Seven.exe
- Size
  
  139KB
- MD5
  
  350273e0d2e8a9ba5e37b791016112a0
- SHA1
  
  5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71
- SHA256
  
  27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba
- SHA512
  
  b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b
- SSDEEP
  
  3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct
Score

10^/10

ransomware spyware stealer evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Renames multiple (249) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral3 behavioral4