Overview

overview

7

Static

static

3

Scanned Pu...py.exe

windows7-x64

7

Scanned Pu...py.exe

windows10-1703-x64

7

Scanned Pu...py.exe

windows10-2004-x64

7

Scanned Pu...py.exe

windows11-21h2-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Scanned Purchase Copy.virus

  • Size

    840KB

  • Sample

    240805-qc3mlswhpn

  • MD5

    f0ac6e417bcb277b0f77a68d569221e2

  • SHA1

    fe3c587bbc5288889d9af771d27f32588027f51b

  • SHA256

    f8ad0d0ae8b7c856e33237282a0f3ea323ae03b9bb6e058a58a7b22f004a4e3f

  • SHA512

    2dc6d75298f241453020cddd913e962b216918cba87958faf40a33a61e6abbd1833b1ccc93440f0b0c5facbcfad7a02dad1a60050c18e6d800d557d5cc39ecaa

  • SSDEEP

    12288:yX7cSNszmBR4fZrJpRLR22IZwJe3jFPS4YKcw+8VirmaAEO/YZwVct3iS7JC:yX7Gm7wE3jhlYKVafO/Tw7JC

Score
7/10
discovery

Malware Config

Targets

    • Target

      Scanned Purchase Copy.virus

    • Size

      840KB

    • MD5

      f0ac6e417bcb277b0f77a68d569221e2

    • SHA1

      fe3c587bbc5288889d9af771d27f32588027f51b

    • SHA256

      f8ad0d0ae8b7c856e33237282a0f3ea323ae03b9bb6e058a58a7b22f004a4e3f

    • SHA512

      2dc6d75298f241453020cddd913e962b216918cba87958faf40a33a61e6abbd1833b1ccc93440f0b0c5facbcfad7a02dad1a60050c18e6d800d557d5cc39ecaa

    • SSDEEP

      12288:yX7cSNszmBR4fZrJpRLR22IZwJe3jFPS4YKcw+8VirmaAEO/YZwVct3iS7JC:yX7Gm7wE3jhlYKVafO/Tw7JC

    Score
    7/10
    discovery

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      4add245d4ba34b04f213409bfe504c07

    • SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

    • SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

    • SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    • SSDEEP

      192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr

    Score
    3/10
    discovery
    behavioral5behavioral6behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks