General

  • Target

    virussign.com_a5cbea3acae6f4a1d68f82c4cc1d9630.vir

  • Size

    97KB

  • Sample

    240528-yc91paae64

  • MD5

    a5cbea3acae6f4a1d68f82c4cc1d9630

  • SHA1

    05a9052c61aa0d11340895d4da0c905ca3be971b

  • SHA256

    e2a08b9be32f229af214ef7a8927ba465dee805b53724bc40fc2308d93be5481

  • SHA512

    12d0e599c59858cf382dba87f78eb76021e2fae7af5a30f8a5ad9a30122d1c56375533ca9a28fff21e5b5c48d0e1c93270e6e58724317b2a714d9539d0539e65

  • SSDEEP

    1536:4a3+ddygX7y9v7Z+NoykJHBOAFRfBjG3YdoIw:J8dfX7y9DZ+N7eB+tIw

Score
10/10

Malware Config

Targets

    • Target

      virussign.com_a5cbea3acae6f4a1d68f82c4cc1d9630.vir

    Score
    10/10
    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks