f1662149f835cfa5fe3e22df52987ea04474a122577af31adf04223cededf43d

General

Target

Seven.zip
Size

1.4MB
Sample

240430-den6saae68
MD5

3af69c74ec9cf926c0e7b52c5a5afb25
SHA1

ddb1575f7fb8ac049800bacf1c3539520449ad4e
SHA256

f1662149f835cfa5fe3e22df52987ea04474a122577af31adf04223cededf43d
SHA512

5cf370e249f8adacef9ff1b64af224881c7cf4888674cdcae413a3e437a61a1f60dfd8422ecc1ab09550da4169235d4141cb0a9846d560f573f9b7af4b8b88bd
SSDEEP

24576:z/MsNSqjjzl/2uZiTWhKlSVF5OQZkv0WNVEjjavIIAdWCaMgYynEXtBIpWHTwsuj:zHNSqR/5ZaWiSBZkfbAdpavYy4Q9sZQ

Score

10^/10

Malware Config

Targets

- Target
  
  Seven.dll
- Size
  
  1.3MB
- MD5
  
  c911e21fe70e167d8f9bee1703415553
- SHA1
  
  c892220ff96d2d5816a3c3e6a0247620450fa7ed
- SHA256
  
  03a644a944153208259729776d6a0b32cd9016d8a8087757430c6c8f32865af5
- SHA512
  
  784790551beccdf1db88ddcb7e7bd59a6d796742f753e69e4125698a09f60f0af64918a3746f714aa9f506ab276a50bdbe492e458481f2c9d7925dfea57dfbd7
- SSDEEP
  
  24576:Zhisl0qjVhl2uZmDWdKF81F14QboviqTV8Br6Pyg+3WkaUmYcbWXttU1WFT4sEsV:Znl0qtbZ8WI8nboHJ+3XavYcCKHs/
Score

1^/10
behavioral1 behavioral2
- Target
  
  Seven.exe
- Size
  
  139KB
- MD5
  
  350273e0d2e8a9ba5e37b791016112a0
- SHA1
  
  5bfb616dd46f67d1dcbbff55ca5917ffc1ec8b71
- SHA256
  
  27297bf8139bea755e9297e7e1489d827d1ee09a8e1d94a3ef96a2edb2de61ba
- SHA512
  
  b1e768524b4e840bd5f4163205122dd1725583245d8bfd5cbd89eb21a5fb9d33aff1b7b0ca42132b7dae469e025068ae663b3b02ad59927a558dc340141ec91b
- SSDEEP
  
  3072:miS4omp03WQthI/9S3BZi08iRQ1G78IVn27bSfcJd8ltw:miS4ompB9S3BZi0a1G78IVhcTct
Score

10^/10

evasion ransomware spyware stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Renames multiple (261) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral3 behavioral4