General

  • Target: b7f32eba711b23c10467841163a1d84b4002f99b16399b7356eee0e2abe651df.exe
  • Size: 431KB
  • Sample: 240522-cml6qaha54
  • MD5: 07cbab426f1bc77ca5d0f6a8fc1c9b4b
  • SHA1: 70dc25df196c9bd87c2add428dc86b5f272eb15c
  • SHA256: b7f32eba711b23c10467841163a1d84b4002f99b16399b7356eee0e2abe651df
  • SHA512: a53c41aa20e76b7ee3baaa08aee3a4aa5361314a677ca753f68e1aca607fc8c8fdb3ab4f932991662976db2e1e30b5632bb7ebc5c12aa24dcb6703b5f311c9d7
  • SSDEEP: 12288:Q0pZnHL9jAT8mU07ijSq/X7/8omMZ8LliOPZx:Q0pZnrhVG7imq/TdmMZ8Dx

Score: 7/10

Malware Config

Targets

    • Target: b7f32eba711b23c10467841163a1d84b4002f99b16399b7356eee0e2abe651df.exe
    • Size: 431KB
    • Hashes: MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General above

    Score: 7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/System.dll
    • Size: 12KB
    • MD5: 12b140583e3273ee1f65016becea58c4
    • SHA1: 92df24d11797fefd2e1f8d29be9dfd67c56c1ada
    • SHA256: 014f1dfeb842cf7265a3644bc6903c592abe9049bfc7396829172d3d72c4d042
    • SHA512: 49ffdfa1941361430b6acb3555fd3aa05e4120f28cbdf7ceaa2af5937d0b8cccd84471cf63f06f97cf203b4aa20f226bdad082e9421b8e6b62ab6e1e9fc1e68a
    • SSDEEP: 192:gFiQJ77pJp17C8F1A5xjGNxrgFOgb7lrT/nC93:E7pJp48F2exrg5F/C

    Score: 3/10

    • Target: $PLUGINSDIR/nsExec.dll
    • Size: 6KB
    • MD5: 4a2f4fe4a3ad1de56ee6bf7dd4923963
    • SHA1: 7cc68b94448c964fd99904e5784b059aed4d5daa
    • SHA256: 89b1e6509a1b45b32933e9d785a9c8c5b9ce7c616e1112dcf7fc3fa5ca27ebde
    • SHA512: 4b6bbe75beafae9a29932ff5ddd3940aadfae62c157836e6cdab755955782dd5354d5eb389b4b8c16bf59f4ce7a099a0161d915c1cf2968f28e195dc8e3997ea
    • SSDEEP: 96:z0OBtYZKtPsrqBApt1JHpb9XWk7Qe06iE6mE6YNFyVOHd0+uPHwEX:4tZKtrAJJJbP7iEHEbN8Ved0Ph

    Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery: System Information Discovery, T1082 (1)
  • Command and Control: Web Service, T1102 (1)
