General

  • Target

    b5c6595b4241db348a7ab514d4ca2160N.exe

  • Size

    191KB

  • Sample

    240727-mc2hrstfnk

  • MD5

    b5c6595b4241db348a7ab514d4ca2160

  • SHA1

    0467bbc3f97787708906ffd5a87aee92982e7c4d

  • SHA256

    f002b13244b92b9ed811eac6459290dc38ba481dc2d4263435d388ca713597a7

  • SHA512

    6edafb652869cf40aa13765a04fce5c5a340f5d3c10fc18a9ee386786024512d6affe42c1953fca4edbfd70fd431f24afb47a30ef9a1f61c0a53fdee9f8ef19d

  • SSDEEP

    3072:PAKEsYqqjfipJWYpWJZfGXFxUYyaJC6sOMD5Qjj9jRMKSlJ8subptbbG+X:oKE+qjfipJWYpWJZfGXFRJJRsOM9+j5L

Score
7/10

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks