General

  • Target

    7a77a98572b8443b7e5ed44cca3a0fa833d3ee85b2b0d2f097e04441d6ef6af6

  • Size

    25.4MB

  • Sample

    240806-btqbaavejm

  • MD5

    ba74ac1f7a2bc36eb5cdd7eb94b5cc7a

  • SHA1

    e7b9118cf9e91174b989ee11253b05995c5d7a0b

  • SHA256

    7a77a98572b8443b7e5ed44cca3a0fa833d3ee85b2b0d2f097e04441d6ef6af6

  • SHA512

    a271327202a00be6d614d9b67188720289bcf4adf1640e42f0c952efd011ca6521433ced5e65a2ea94dde6a9642948b8459f9351679c642118d2bbafd5ebcda6

  • SSDEEP

    196608:HkKo7cgMb5vryItxaGeIukxcC7Iif40aCW6ZLZefxCTugJEk5/u+:HOpMb5vrfTeIuQZllefxCTUk5

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15
