General

  • Target

    ST_External_Loader.exe

  • Size

    19.8MB

  • Sample

    240612-s6mvcszhkb

  • MD5

    9db1a30398521441b138523142a497c3

  • SHA1

    aa69bfad573aad9db5a7a626730dbe0b62455097

  • SHA256

    32ac64aad1c7b86f24b34ac815314b5ce085b698a8c07ca35a35b5b6e06ac935

  • SHA512

    2221440d675514fe5061da9dc2b3e3e47dec6240da31d36166b4bd946da7bd03871fbcb6c734777afc7cd22272a8cbdbf13ef929c98c22088190cfd5c06cf483

  • SSDEEP

    393216:s3VgprYo2N1J8nXzrorjPB4I44aqJsLIAazsNSNUy:85J8Dro/PBMsVsgNUy

Score
8/10

Targets

    • Target

      ST_External_Loader.exe

    Score
    8/10

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger
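
The behaviours above are the report's signature hits. The following is an added example, not the sandbox's own signature code, that replays a constructed Windows behaviour trace through one detector per signature so the chaining rules are explicit: "executes dropped EXE" and "loads dropped DLL" only fire when the file write precedes the execute or load, and the anti-debug hit requires NtSetInformationThread with THREADINFOCLASS 0x11 (ThreadHideFromDebugger). The event schema, the registry keys used for the geofence rule and the list of hosting domains are assumptions chosen for illustration.

```python
"""Replay a sandbox behaviour trace against the signatures listed in this report.

Added example: the event format, the registry keys the geofence rule keys on
and the hosting-domain list are assumptions, not the sandbox's own signatures.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Event:
    pid: int
    kind: str        # file_write | reg_write | reg_read | process_create | load_dll | api_call | dns
    target: str      # path, registry value, image, API name or hostname
    value: str = ""  # data written / API arguments, when relevant


# Kernel-mode drivers live under System32\drivers; a service's binary is its ImagePath value.
DRIVERS_DIR = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\", re.I)
SERVICE_IMAGE_PATH = re.compile(
    r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$", re.I)
# Registry locations a geofence check commonly reads (assumed list).
GEO_KEYS = re.compile(
    r"\\(Control Panel\\International\\Geo\\Nation|Control\\Nls\\Language\\Default)$", re.I)
# Hosting/CDN domains frequently abused for payload staging and C2 (assumed list).
LEGIT_HOSTING = ("discordapp.com", "discord.com", "github.com", "githubusercontent.com",
                 "pastebin.com", "dropbox.com", "drive.google.com")
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger


def drops_file_in_drivers(ev: List[Event]) -> List[Event]:
    return [e for e in ev if e.kind == "file_write" and DRIVERS_DIR.match(e.target)]


def sets_service_image_path(ev: List[Event]) -> List[Event]:
    return [e for e in ev if e.kind == "reg_write" and SERVICE_IMAGE_PATH.match(e.target)]


def checks_computer_location(ev: List[Event]) -> List[Event]:
    return [e for e in ev if e.kind == "reg_read" and GEO_KEYS.search(e.target)]


def _uses_dropped(ev: List[Event], kind: str) -> List[Event]:
    # Only a file written earlier in the trace counts as "dropped": order matters.
    dropped, hits = set(), []
    for e in ev:
        if e.kind == "file_write":
            dropped.add(e.target.lower())
        elif e.kind == kind and e.target.lower() in dropped:
            hits.append(e)
    return hits


def executes_dropped_exe(ev: List[Event]) -> List[Event]:
    return _uses_dropped(ev, "process_create")


def loads_dropped_dll(ev: List[Event]) -> List[Event]:
    return _uses_dropped(ev, "load_dll")


def abuses_legit_hosting(ev: List[Event]) -> List[Event]:
    def on_hosting(host: str) -> bool:
        host = host.lower()
        return any(host == d or host.endswith("." + d) for d in LEGIT_HOSTING)
    return [e for e in ev if e.kind == "dns" and on_hosting(e.target)]


def hides_thread_from_debugger(ev: List[Event]) -> List[Event]:
    hits = []
    for e in ev:
        if e.kind == "api_call" and e.target == "NtSetInformationThread":
            m = re.search(r"ThreadInformationClass=(0x[0-9a-f]+|\d+)", e.value, re.I)
            if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
                hits.append(e)
    return hits


SIGNATURES: Dict[str, Callable[[List[Event]], List[Event]]] = {
    "Drops file in Drivers directory": drops_file_in_drivers,
    "Sets service image path in registry": sets_service_image_path,
    "Checks computer location settings": checks_computer_location,
    "Executes dropped EXE": executes_dropped_exe,
    "Loads dropped DLL": loads_dropped_dll,
    "Legitimate hosting services abused for malware hosting/C2": abuses_legit_hosting,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": hides_thread_from_debugger,
}


def triage(ev: List[Event]) -> Dict[str, List[Event]]:
    """Return every signature that fired, with the events that triggered it."""
    return {name: hits for name, fn in SIGNATURES.items() if (hits := fn(ev))}


# Constructed trace modelled on what a Windows sandbox would log; paths and names are made up.
SAMPLE_EVENTS = [
    Event(1204, "file_write", r"C:\Users\Admin\AppData\Local\Temp\st_helper.exe"),
    Event(1204, "process_create", r"C:\Users\Admin\AppData\Local\Temp\st_helper.exe"),
    Event(1204, "file_write", r"C:\Users\Admin\AppData\Local\Temp\libcore.dll"),
    Event(1204, "load_dll", r"C:\Users\Admin\AppData\Local\Temp\libcore.dll"),
    Event(1204, "file_write", r"C:\Windows\System32\drivers\stdrv.sys"),
    Event(1204, "reg_write", r"HKLM\SYSTEM\CurrentControlSet\Services\stdrv\ImagePath",
          r"\SystemRoot\System32\drivers\stdrv.sys"),
    Event(1204, "reg_read", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(1204, "api_call", "NtSetInformationThread", "ThreadInformationClass=0x11"),
    Event(1204, "dns", "cdn.discordapp.com"),
]

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_EVENTS).items():
        print(f"[+] {name}: {len(hits)} event(s)")
```

The ordering rule in `_uses_dropped` is the part worth copying: a process start or DLL load that merely shares a path with a later write is not "executing a dropped file", and a detector that joins on path alone will fire on benign installers and updaters.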

MITRE ATT&CK Enterprise v15
