General

  • Target

    2cde3df53d81870a5783f1c41e9a2c60N.exe

  • Size

    361KB

  • Sample

    240713-ca9q9ashle

  • MD5

    2cde3df53d81870a5783f1c41e9a2c60

  • SHA1

    7cc2b6fed9acf312ef5a59d6a2e2c7037274d1bf

  • SHA256

    4b1b1460daee8cecfaf71a3133e0d072d9a71b118150c2b99eb9074a8c739f65

  • SHA512

    5bf006f9c3b57defe0b5f7c97ef1bdb6f518a61cf7d399510faf57c787dbdd0719893906dd63f7920a1aaddf7057ccb9345504440480f6d47f63a01357dbc5b4

  • SSDEEP

    6144:VfYUTOnKu6qPbj8qfK4lxk/xE98KSCYcKPZh9Ol1/:VfYUTpYbj8qfK4jKK7YcKBh9M

Malware Config

Targets

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks