Overview

overview

8

Static

static

1

26c4b29aec...24.exe

windows7-x64

8

26c4b29aec...24.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    26c4b29aecab745ea5c53cbc27c913397839601eeeea8a5bce6f667ebc029f24.exe

  • Size

    962KB

  • Sample

    240726-ckcjhazclm

  • MD5

    801b729c693ea54cbaffa5ad03f84346

  • SHA1

    6f2fbb7a0d66b84dea8f86d45536897d2aa3f0ef

  • SHA256

    26c4b29aecab745ea5c53cbc27c913397839601eeeea8a5bce6f667ebc029f24

  • SHA512

    b8adbda9614d5bf6899002edae7a5698a71e735bac33dcf6c953dacb1b3f66db79728d634c8391f9499fdc8a79763ad368798d8877004db73005f75ee9d7d398

  • SSDEEP

    24576:Y41WsaGlhU1lP8VXrkHVblX76J9JjVesoF9Op:YGbaGYbU5Q1Be9JxNoY

Score
8/10
discoveryexecutionpersistence

Malware Config

Targets

    • Target

      26c4b29aecab745ea5c53cbc27c913397839601eeeea8a5bce6f667ebc029f24.exe

    • Size

      962KB

    • MD5

      801b729c693ea54cbaffa5ad03f84346

    • SHA1

      6f2fbb7a0d66b84dea8f86d45536897d2aa3f0ef

    • SHA256

      26c4b29aecab745ea5c53cbc27c913397839601eeeea8a5bce6f667ebc029f24

    • SHA512

      b8adbda9614d5bf6899002edae7a5698a71e735bac33dcf6c953dacb1b3f66db79728d634c8391f9499fdc8a79763ad368798d8877004db73005f75ee9d7d398

    • SSDEEP

      24576:Y41WsaGlhU1lP8VXrkHVblX76J9JjVesoF9Op:YGbaGYbU5Q1Be9JxNoY

    Score
    8/10
    discoveryexecutionpersistence

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks