5b9fbdf68faa1f974340dd3bb207e37cbef00d0f316a84fbf4a6b20314c531e0 | Triage

Submit
Reports

Overview

overview

Static

static

5b9fbdf68f...e0.exe

windows7-x64

5b9fbdf68f...e0.exe

windows10-2004-x64

Sharing

General

Target

5b9fbdf68faa1f974340dd3bb207e37cbef00d0f316a84fbf4a6b20314c531e0
Size

89KB
Sample

240527-2hdffsce4s
MD5

0fc53dbf5e35174b52b26b006bd4e524
SHA1

b224820cb8e39061d9c7e4fa0dd6d230480f29bb
SHA256

5b9fbdf68faa1f974340dd3bb207e37cbef00d0f316a84fbf4a6b20314c531e0
SHA512

a568f97780cdfc8ecd21e2b5a757b330816bb26ea1dd79c439ee56b3dd3e8755c1983bf3497165759ae4337e7e421db4bfbdb6ec39334f3c84f980a532144094
SSDEEP

1536:71sMveb4lR0daHy9v7Zc86y9U4AFRfBWAEnU:BDeb4T0daHy9DZc86yGUtnU

Score

10^/10

evasion persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5b9fbdf68faa1f974340dd3bb207e37cbef00d0f316a84fbf4a6b20314c531e0.exe

Resource

win7-20240220-en

evasion persistence

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

5b9fbdf68faa1f974340dd3bb207e37cbef00d0f316a84fbf4a6b20314c531e0.exe

Resource

win10v2004-20240426-en

evasion persistence

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  5b9fbdf68faa1f974340dd3bb207e37cbef00d0f316a84fbf4a6b20314c531e0
- Size
  
  89KB
- MD5
  
  0fc53dbf5e35174b52b26b006bd4e524
- SHA1
  
  b224820cb8e39061d9c7e4fa0dd6d230480f29bb
- SHA256
  
  5b9fbdf68faa1f974340dd3bb207e37cbef00d0f316a84fbf4a6b20314c531e0
- SHA512
  
  a568f97780cdfc8ecd21e2b5a757b330816bb26ea1dd79c439ee56b3dd3e8755c1983bf3497165759ae4337e7e421db4bfbdb6ec39334f3c84f980a532144094
- SSDEEP
  
  1536:71sMveb4lR0daHy9v7Zc86y9U4AFRfBWAEnU:BDeb4T0daHy9DZc86yGUtnU
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Detects executables packed with ASPack
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy