Overview

overview

10

Static

static

3

dc0201284a...0N.exe

windows7-x64

10

dc0201284a...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dc0201284a4125aa11a5f9905ce82ec0N.exe

  • Size

    460KB

  • Sample

    240902-199gjaydrl

  • MD5

    dc0201284a4125aa11a5f9905ce82ec0

  • SHA1

    97b61422b2e32c6037d8f8ad9a128eb30d4e55f8

  • SHA256

    a1a68b8a0d1662db27dba747643789c5bed3ce9e8b0086f186332775c3e3eac1

  • SHA512

    e90957b4e9dca68411e3a9cefd8188e175f3146b76f164cfe65caa4627ea22986db34d6baaff855d4f842e4c9dd08b3974b64af4ab91575115dd1a044e2d2b41

  • SSDEEP

    12288:YpDhOhIEPu+4gdJx930F0eStI4U+4cZY/+:qsXPu+4gR9R/tZT

Score
10/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      dc0201284a4125aa11a5f9905ce82ec0N.exe

    • Size

      460KB

    • MD5

      dc0201284a4125aa11a5f9905ce82ec0

    • SHA1

      97b61422b2e32c6037d8f8ad9a128eb30d4e55f8

    • SHA256

      a1a68b8a0d1662db27dba747643789c5bed3ce9e8b0086f186332775c3e3eac1

    • SHA512

      e90957b4e9dca68411e3a9cefd8188e175f3146b76f164cfe65caa4627ea22986db34d6baaff855d4f842e4c9dd08b3974b64af4ab91575115dd1a044e2d2b41

    • SSDEEP

      12288:YpDhOhIEPu+4gdJx930F0eStI4U+4cZY/+:qsXPu+4gR9R/tZT

    Score
    10/10
    discoveryevasionpersistence

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks