Overview

overview

10

Static

static

3

a6abff08e9...2d.exe

windows7-x64

10

a6abff08e9...2d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a6abff08e97aaff33f3aabb84068c569eaa1788842742eaf4d3c38c00bde522d.exe

  • Size

    135KB

  • Sample

    240524-e16hmadb5x

  • MD5

    02e4168fe15eaba294ee087503c25250

  • SHA1

    8085542c354fcfe7ad650dfe431ce26c3a01b712

  • SHA256

    a6abff08e97aaff33f3aabb84068c569eaa1788842742eaf4d3c38c00bde522d

  • SHA512

    7313a55bc4136bb5daa0f4c6aaac544b9a97960b0419eb07946485a7fb76f51e1ba41df1fe68674509ce24c91b1a70a64f62bfd5bcedec2571ce744dcbc9ef25

  • SSDEEP

    1536:4fsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbV5jp00000000000E:4VqoCl/YgjxEufVU0TbTyDDal3jb

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      a6abff08e97aaff33f3aabb84068c569eaa1788842742eaf4d3c38c00bde522d.exe

    • Size

      135KB

    • MD5

      02e4168fe15eaba294ee087503c25250

    • SHA1

      8085542c354fcfe7ad650dfe431ce26c3a01b712

    • SHA256

      a6abff08e97aaff33f3aabb84068c569eaa1788842742eaf4d3c38c00bde522d

    • SHA512

      7313a55bc4136bb5daa0f4c6aaac544b9a97960b0419eb07946485a7fb76f51e1ba41df1fe68674509ce24c91b1a70a64f62bfd5bcedec2571ce744dcbc9ef25

    • SSDEEP

      1536:4fsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbV5jp00000000000E:4VqoCl/YgjxEufVU0TbTyDDal3jb

    Score
    10/10
    evasionpersistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Hide Artifacts

1
T1564

Hidden Files and Directories

1
T1564.001

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks