Overview

overview

8

Static

static

3

74e64ac4e3...f9.exe

windows7-x64

8

74e64ac4e3...f9.exe

windows10-2004-x64

8

Stningsstr...rs.ps1

windows7-x64

8

Stningsstr...rs.ps1

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74e64ac4e30e760332d456eb22f9c287a378653566cf4eac6278c4576c2d5cf9.exe

  • Size

    427KB

  • Sample

    240523-b24hwagh8x

  • MD5

    2ceb634eba1c56c9dcf5daa8c78ebc92

  • SHA1

    8c101631d550b07502f5e077b33d4142d6323a5d

  • SHA256

    74e64ac4e30e760332d456eb22f9c287a378653566cf4eac6278c4576c2d5cf9

  • SHA512

    042d3249ae6863ff90caae3001258e80a3e92f9abc8dbfb1ac0eb48dfcef7c72686a677a70c554a2a620680319aba93058d22c71b306252530f51cb874131caa

  • SSDEEP

    6144:W9X0GVlmkDWa5rfgmIOVXAk85ltRn8j7r85ugCDo4pr3WWPC1LiJ1Km9:Y02FCa5M2m5LRnKg5D4pr3WrMJ1Km9

Score
8/10
executionpersistence

Malware Config

Targets

    • Target

      74e64ac4e30e760332d456eb22f9c287a378653566cf4eac6278c4576c2d5cf9.exe

    • Size

      427KB

    • MD5

      2ceb634eba1c56c9dcf5daa8c78ebc92

    • SHA1

      8c101631d550b07502f5e077b33d4142d6323a5d

    • SHA256

      74e64ac4e30e760332d456eb22f9c287a378653566cf4eac6278c4576c2d5cf9

    • SHA512

      042d3249ae6863ff90caae3001258e80a3e92f9abc8dbfb1ac0eb48dfcef7c72686a677a70c554a2a620680319aba93058d22c71b306252530f51cb874131caa

    • SSDEEP

      6144:W9X0GVlmkDWa5rfgmIOVXAk85ltRn8j7r85ugCDo4pr3WWPC1LiJ1Km9:Y02FCa5M2m5LRnKg5D4pr3WrMJ1Km9

    Score
    8/10
    executionpersistence

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Stningsstrukturers.Rec

    • Size

      58KB

    • MD5

      dd200d8c3c09458738a4ee7d421a891b

    • SHA1

      5821db55a8a2e95c67411c18893530d9c3cd47c6

    • SHA256

      0e5ad13c4627a6fcb258cbcf2e67bde5ac0f66b8e85291ba05dacc5021eeb4df

    • SHA512

      a2faef0cb547f0ee91ca5b45893300fc18943d1389f593bf2b58f557d8e85f7346e55be8a592c87e6e32dc98f9d568a05e59cc7d93b9288391c0465b6a68f39d

    • SSDEEP

      1536:sWQH2/5I3Msf3ZYyEkBsrTX+SKmiXY81ruyMmWKYgZVYJ:sWi65tOJ7EkW+SCDrZ9Ycs

    Score
    8/10
    executionpersistence

    • Modifies Installed Components in the registry

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

2
T1059

PowerShell

2
T1059.001

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

3
T1012

Peripheral Device Discovery

2
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks