General
-
Target
7cad2a9590e2f63ac4115fa2879cb9e5aeb48aa80f324945d82f0efe5baf7da3.exe
-
Size
5.2MB
-
Sample
240501-b2zjxsch9t
-
MD5
f5a52d7f38e29a3749139aef116c1809
-
SHA1
cf3e85f2a8f58e4998c49f1655220fff335e3e68
-
SHA256
7cad2a9590e2f63ac4115fa2879cb9e5aeb48aa80f324945d82f0efe5baf7da3
-
SHA512
ca560c35397753427c4296598d445aced3adae03c2d32bd01f8e8d84aed143dde2ec196f9297a8449b957a4d22e44e9a5e5e27880bb4697cc70e8abd500129d1
-
SSDEEP
98304:oxIp9iL+rmZm/ZV2yUz+0WT55CzN5BVv6K+Dil7Whfi0yTV38ImupL:oxIbiL+rMGvUz+z552N1v69DixWha0Md
Malware Config
Targets
-
-
Target
7cad2a9590e2f63ac4115fa2879cb9e5aeb48aa80f324945d82f0efe5baf7da3.exe
-
Size
5.2MB
-
MD5
f5a52d7f38e29a3749139aef116c1809
-
SHA1
cf3e85f2a8f58e4998c49f1655220fff335e3e68
-
SHA256
7cad2a9590e2f63ac4115fa2879cb9e5aeb48aa80f324945d82f0efe5baf7da3
-
SHA512
ca560c35397753427c4296598d445aced3adae03c2d32bd01f8e8d84aed143dde2ec196f9297a8449b957a4d22e44e9a5e5e27880bb4697cc70e8abd500129d1
-
SSDEEP
98304:oxIp9iL+rmZm/ZV2yUz+0WT55CzN5BVv6K+Dil7Whfi0yTV38ImupL:oxIbiL+rMGvUz+z552N1v69DixWha0Md
Score10/10-
Modifies security service
-
Creates new service(s)
-
Sets service image path in registry
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
3Windows Service
3Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
3Windows Service
3