Overview

overview

8

Static

static

3

summon-car.exe

windows10-1703-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    summon-car.exe

  • Size

    35KB

  • Sample

    240522-b7fc8sgd84

  • MD5

    fbaf782e116bae1f57e4bfcb42a6fe60

  • SHA1

    0ad4dc56cabc0c881d544706ee395f90b7c9bbee

  • SHA256

    73504157bdda253573d5dd7a2ae44f9970eaed124e7a9635b6c4c235372867f1

  • SHA512

    0f51b11e40e0ea28108b02d3d5f617dce2c27b0ce976099a63d849e779a50f8fbca774521be05fdc82ed67ebe2d853d64b62b2822022b8ce09b0317503edfad7

  • SSDEEP

    768:74KUgnWEklHGuIwlgxiOXbOfq1IkCTd2OI:74KUgnWFldIKUbOMCTgO

Score
8/10
discovery

Malware Config

Targets

    • Target

      summon-car.exe

    • Size

      35KB

    • MD5

      fbaf782e116bae1f57e4bfcb42a6fe60

    • SHA1

      0ad4dc56cabc0c881d544706ee395f90b7c9bbee

    • SHA256

      73504157bdda253573d5dd7a2ae44f9970eaed124e7a9635b6c4c235372867f1

    • SHA512

      0f51b11e40e0ea28108b02d3d5f617dce2c27b0ce976099a63d849e779a50f8fbca774521be05fdc82ed67ebe2d853d64b62b2822022b8ce09b0317503edfad7

    • SSDEEP

      768:74KUgnWEklHGuIwlgxiOXbOfq1IkCTd2OI:74KUgnWFldIKUbOMCTgO

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops startup file

    • Modifies file permissions

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

1
T1222

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks