General

  • Target

    61e6d9606123422584674d2b008aa06cf5ee1c7157167ceb2f17a798f23f3d0e

  • Size

    170KB

  • Sample

    240530-2hznpacb2s

  • MD5

    e5e1b3df953f6395e2f2bf007ef56ae1

  • SHA1

    aef5d4b1014fb4c5c9129e3ce356632d993d3e5b

  • SHA256

    61e6d9606123422584674d2b008aa06cf5ee1c7157167ceb2f17a798f23f3d0e

  • SHA512

    a1614492c74d32c75351471afa1ba4b71058f5eb6ebdbe5303e9bbedd1da54ad4c36083a03b2a395ce6f8cb51dc3da1d34d246d7b5df3d412fb94373f361f5a7

  • SSDEEP

    3072:FJpOm5axh63laEo+pXX1pQD2UCohD8mxLCj+5cmeDye42L712xrpdJ8xLeb7UL:bAm5oh63laEo+pXX1pkF8mxeq5+4m71f
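Before working on a copy of this sample, confirm it is the file the report describes: compute every reported digest in a single pass over the bytes and compare each one. The snippet below is an added example, not part of the report or of the sandbox's own code; the digest values in REPORTED are copied from the hashes above, and the helper names are illustrative.

```python
import hashlib

# Digests reported for this sample (copied from the report above).
REPORTED = {
    "md5": "e5e1b3df953f6395e2f2bf007ef56ae1",
    "sha1": "aef5d4b1014fb4c5c9129e3ce356632d993d3e5b",
    "sha256": "61e6d9606123422584674d2b008aa06cf5ee1c7157167ceb2f17a798f23f3d0e",
    "sha512": "a1614492c74d32c75351471afa1ba4b71058f5eb6ebdbe5303e9bbedd1da54ad"
              "4c36083a03b2a395ce6f8cb51dc3da1d34d246d7b5df3d412fb94373f361f5a7",
}


def digest_all(chunks):
    """Hash an iterable of byte chunks with all reported algorithms in one pass.

    Reading the file once and feeding every hasher keeps large samples cheap
    and guarantees all digests describe the same bytes.
    """
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(chunks, expected):
    """Return {algo: (expected, actual)} for every digest that does not match.

    An empty dict means the bytes match every expected digest. Comparison is
    case-insensitive because reports and feeds differ in hex casing.
    """
    actual = digest_all(chunks)
    return {
        name: (exp, actual[name])
        for name, exp in expected.items()
        if exp.lower() != actual[name]
    }


def verify_file(path, expected=REPORTED, block=1 << 20):
    """Stream a file from disk in 1 MiB blocks and verify it against a report."""
    with open(path, "rb") as f:
        return verify(iter(lambda: f.read(block), b""), expected)


if __name__ == "__main__":
    import sys
    mismatches = verify_file(sys.argv[1])
    if mismatches:
        for algo, (exp, got) in mismatches.items():
            print(f"{algo}: expected {exp}, got {got}")
        sys.exit(1)
    print("all reported digests match")
```

A single mismatch is enough to stop: a file that matches MD5 but not SHA256 is not this sample, whatever the feed that delivered it claims.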

Score
7/10

Targets

    • Target

      61e6d9606123422584674d2b008aa06cf5ee1c7157167ceb2f17a798f23f3d0e

    • Size

      170KB

    • MD5

      e5e1b3df953f6395e2f2bf007ef56ae1

    • SHA1

      aef5d4b1014fb4c5c9129e3ce356632d993d3e5b

    • SHA256

      61e6d9606123422584674d2b008aa06cf5ee1c7157167ceb2f17a798f23f3d0e

    • SHA512

      a1614492c74d32c75351471afa1ba4b71058f5eb6ebdbe5303e9bbedd1da54ad4c36083a03b2a395ce6f8cb51dc3da1d34d246d7b5df3d412fb94373f361f5a7

    • SSDEEP

      3072:FJpOm5axh63laEo+pXX1pQD2UCohD8mxLCj+5cmeDye42L712xrpdJ8xLeb7UL:bAm5oh63laEo+pXX1pkF8mxeq5+4m71f

    Score
    7/10
    • Executes dropped EXE

      Writes an executable to disk during the run and then launches it.

    • Loads dropped DLL

      Writes a DLL to disk during the run and then loads it into a process.
    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. Because the service itself is benign, the contacted domain is not a usable indicator on its own; the process that made the request is what to alert on.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
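The signatures above are behavioural: each fires on a pattern in the sample's file, process, registry and network activity, not on a byte pattern in the binary. The code below re-creates that logic over a constructed event trace so the correlation behind each name is explicit (for example, "Executes dropped EXE" needs a file write followed by a process start of that same path). It is an added example and not the sandbox's own signature code; the event schema, the list of IP-lookup hosts, the MountedDevices key and the sample trace are all assumptions made here for illustration.

```python
# Assumed: well-known public IP-lookup services. Illustrative list, not
# taken from the report.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "ifconfig.me",
    "checkip.amazonaws.com", "ip-api.com", "ipinfo.io",
}

# Assumed: the registry key whose read is taken as "mapping drives".
MOUNTED_DEVICES_SUFFIX = "\\system\\mounteddevices"
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def _is_non_c_drive_root(path):
    """True for a bare drive root such as 'D:\\' that is not C:."""
    return len(path) == 3 and path[1:] == ":\\" and path[0].upper() != "C"


def match_signatures(events):
    """Return the set of signature names a trace triggers.

    `events` is an ordered list of dicts with a "type" key (assumed schema):
      file_create    : path     written by the sample
      process_create : image    executable started
      image_load     : image    DLL mapped into a process
      file_read      : path     path opened/listed
      dns_query      : query    host name resolved
      reg_read       : key      registry key read
    Order matters: a file only counts as "dropped" once it has been written.
    """
    dropped = set()
    hits = set()
    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            path = ev["path"].lower()
            dropped.add(path)
            if path.startswith(SYSTEM32_PREFIX):
                hits.add("Drops file in System32 directory")
        elif kind == "process_create":
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "image_load":
            image = ev["image"].lower()
            if image in dropped and image.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif kind == "file_read":
            if _is_non_c_drive_root(ev["path"]):
                hits.add("Enumerates connected drives")
        elif kind == "dns_query":
            if ev["query"].lower() in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
        elif kind == "reg_read":
            if ev["key"].lower().endswith(MOUNTED_DEVICES_SUFFIX):
                hits.add("Maps connected drives based on registry")
    return hits


# Constructed trace that exercises every signature in the report, plus a
# benign process start that must not count as a dropped executable.
SAMPLE_TRACE = [
    {"type": "file_create", "path": r"C:\Users\victim\AppData\Local\Temp\upd.exe"},
    {"type": "file_create", "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "process_create", "image": r"C:\Users\victim\AppData\Local\Temp\UPD.EXE"},
    {"type": "image_load", "image": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"type": "reg_read", "key": r"HKLM\SYSTEM\MountedDevices"},
    {"type": "file_read", "path": "D:\\"},
    {"type": "dns_query", "query": "api.ipify.org"},
    {"type": "file_create", "path": r"C:\Windows\System32\winupd.dll"},
]

if __name__ == "__main__":
    for name in sorted(match_signatures(SAMPLE_TRACE)):
        print(name)
```

The drop-then-execute correlation is the part worth carrying into real detection: a process start from a user-writable directory is noisy on its own, but the same path having been written moments earlier by the process under analysis is not.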
