Resubmissions

20-08-2024 19:16    240820-xy8jbasfnq    score 10/10

20-08-2024 19:13    240820-xxkqvsydrb    score 10/10

General

  • Target

    MalwareDatabase

  • Size

    331KB

  • Sample

    240820-xxkqvsydrb

  • MD5

    8caec591082dc00491aea1ef77cffa46

  • SHA1

    65154b9e1f1c6234b90c43b1db3cf06acfa39d96

  • SHA256

    1c8fc97540852d2967a477d24ba22f271d625edb0bfe4c53fcf927b3fc95094c

  • SHA512

    3a87cfa3603b2e811b041426dbb8c0464958dfb366c12525d585c24593430ef993d1f70050e0fb64ef923a81df43c16f941eeb90de7ef8f2e3277da2acbc169e

  • SSDEEP

    6144:gFoYH3uokeOvHS1d1+sNs8wbiWQz9qvZJT3CqbMrhryf65NRPaCieMjAkvCJv1V1:SoYH3uokeOvHS1d1+sNs8wbiWQz9qvZM

Score
10/10
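Added example, not part of the report and not the sandbox's own tooling: the check an analyst runs on a file they hold to decide whether it is the sample above. It hashes the file once with every algorithm the report lists and compares all of them, because a match on MD5 alone is weak (MD5 and SHA-1 collisions are practical) and a partial match usually means a copy-paste error in the IOC list. The ssdeep value is a fuzzy hash that hashlib cannot compute; it is deliberately skipped rather than approximated.

```python
import hashlib
import io
from typing import BinaryIO, Dict

# Hash values copied from the report above for the 331KB "MalwareDatabase" sample.
REPORT_IOCS: Dict[str, str] = {
    "md5": "8caec591082dc00491aea1ef77cffa46",
    "sha1": "65154b9e1f1c6234b90c43b1db3cf06acfa39d96",
    "sha256": "1c8fc97540852d2967a477d24ba22f271d625edb0bfe4c53fcf927b3fc95094c",
    "sha512": "3a87cfa3603b2e811b041426dbb8c0464958dfb366c12525d585c24593430ef993d1f70050e0fb64ef923a81df43c16f941eeb90de7ef8f2e3277da2acbc169e",
}

# Cryptographic hashes hashlib can compute. ssdeep is a fuzzy hash that needs the
# separate ssdeep/ppdeep library, so it is intentionally not compared here.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute every algorithm in ALGORITHMS over a stream in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes, chunk_size: int = 1 << 20) -> Dict[str, str]:
    return hash_stream(io.BytesIO(data), chunk_size)


def hash_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return hash_stream(f)


def compare_iocs(observed: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match flags; algorithms missing on either side (e.g. ssdeep) are skipped."""
    return {
        name: observed[name].lower() == expected[name].strip().lower()
        for name in ALGORITHMS
        if name in observed and name in expected
    }


def verdict(observed: Dict[str, str], expected: Dict[str, str]) -> str:
    """Summarise compare_iocs():

    "match"        every comparable digest agrees
    "no match"     none agree
    "inconsistent" some agree and some do not: a transcription error in the IOC
                   list or, for MD5/SHA-1 only, a collision. Trust SHA-256/SHA-512.
    """
    results = compare_iocs(observed, expected)
    if not results:
        return "no comparable hashes"
    if all(results.values()):
        return "match"
    if not any(results.values()):
        return "no match"
    return "inconsistent"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        digests = hash_file(path)
        print(f"{path}: {verdict(digests, REPORT_IOCS)} (sha256 {digests['sha256']})")
```

Usage: `python check_iocs.py suspect.bin`. Treat "match" as confirmation only when SHA-256 or SHA-512 is among the compared algorithms; an "inconsistent" result is worth a second look at the IOC source before either trusting or discarding it.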

Malware Config

Targets

    Score
    10/10
    • Modifies WinLogon for persistence

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2
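Added example for the "Modifies WinLogon for persistence" signature above; it is not the sandbox's detection logic. Winlogon persistence (ATT&CK T1547.004) usually appends a program to the Shell or Userinit value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon so the desktop still starts normally, or replaces the value outright. The check below compares those values, plus AppSetup, against a baseline and flags both styles. The baseline values are an assumption for a stock Windows 10/11 install; the sample registry contents are constructed, and the live read only works on Windows, where winreg exists. The same value names under HKCU apply per user and deserve the same check.

```python
import sys
from typing import Dict, List

# Key Winlogon reads at logon (relative to HKLM; HKCU carries per-user overrides).
WINLOGON_SUBKEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Stock values of a default Windows 10/11 install. This is an assumption of the
# example; confirm against a known-good host of the same build before alerting.
BASELINE: Dict[str, str] = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "AppSetup": "",   # normally absent; any program listed here runs at logon
}

# Constructed sample registry contents, not values taken from the report.
SAMPLE_CLEAN = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}
SAMPLE_TAMPERED = {
    "Shell": r"explorer.exe,C:\Users\Public\update.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\ProgramData\svc.exe,",
    "AppSetup": "helper.exe",
}


def _entries(value: str) -> List[str]:
    """Split a comma-separated Winlogon value into normalised, non-empty entries."""
    return [e.strip().lower() for e in value.split(",") if e.strip()]


def check_winlogon(values: Dict[str, str]) -> Dict[str, str]:
    """Return {value_name: description} for every baseline value that deviates.

    An absent value is treated as empty, so a missing Userinit is reported and a
    missing AppSetup is not. Extra entries catch the append style of tampering;
    missing entries catch outright replacement of the stock program.
    """
    findings: Dict[str, str] = {}
    for name, stock in BASELINE.items():
        observed = _entries(values.get(name, ""))
        expected = _entries(stock)
        extra = [e for e in observed if e not in expected]
        missing = [e for e in expected if e not in observed]
        if extra or missing:
            findings[name] = f"expected {expected}, found {observed}"
    return findings


def read_winlogon_live() -> Dict[str, str]:
    """Read the HKLM Winlogon values on a Windows host (winreg exists only there)."""
    import winreg
    values: Dict[str, str] = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_SUBKEY) as key:
        for name in BASELINE:
            try:
                values[name] = str(winreg.QueryValueEx(key, name)[0])
            except FileNotFoundError:
                pass  # absent value; check_winlogon treats it as empty
    return values


if __name__ == "__main__":
    values = read_winlogon_live() if sys.platform == "win32" else SAMPLE_TAMPERED
    for name, why in check_winlogon(values).items():
        print(f"{name}: {why}")
```

On a host that has run this sample, a hit on Shell or Userinit should be followed by collecting the named binary (the report also notes a dropped DLL being loaded) before the value is restored, since restoring first destroys the pointer to the payload.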

MITRE ATT&CK Enterprise v15

Tasks