General

  • Target

    f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207

  • Size

    139.7MB

  • Sample

    240707-bfp4csyhlp

  • MD5

    ab32fa6aaaf27e833cc65317b8fd6e98

  • SHA1

    61b339765f53729fcd5a6631e7ef833de9dccad0

  • SHA256

    f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207

  • SHA512

    5338550de90d654400ed051670ef3670f17c3279777fab65da9a4afd87caffeac8466b5700b58ef99e3c627959c87c3a4db5a9a0dfa34a8afa9387e3cf402271

  • SSDEEP

    786432:wMBFPmYEDLVqSOqZDq+ybW1h4uyrzMVX9yvjBIA1toV+dUbWN3KPqiVslIBKOMxT:wRYcLQvqkWLYUNw91toV+dgTVBZo

Targets

    • Target

      f1f3466784f8757113fa3fc2f742b04202cb98cfa3e92f1b26c001bfcff2d207

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL
