Overview

overview

7

Static

static

3

Virus.Hija...c0.exe

windows7-x64

7

Virus.Hija...c0.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    Virus.Hijack.ATA_virussign.com_cbe6a99c2f0d656b5588cc2af8b5a5c0.exe

  • Size

    3.6MB

  • Sample

    240907-p437saxbjn

  • MD5

    cbe6a99c2f0d656b5588cc2af8b5a5c0

  • SHA1

    10ba4c226f046ada5bbedf578eae9825d18be498

  • SHA256

    c0ded08b56e4ebc91b7af25fcc49a5c871678c4c17d204863cfebf4150ec6756

  • SHA512

    aeb3a113a8b802179cf8649a73368d354ef4705269298d7d0a1b0d67f1f759de70e68e38aaa5619335a7703bb86f3190dbb9b867ba022f6d5f4f020be1428efc

  • SSDEEP

    49152:cwVJ/qUQ5F5EexZD63Wb5wSSnebipRCoBRI17fMt6v77/lClNiuHL1jGgJ6OdoGr:3/257I6GnaipRT/md77AlDL1XsOdLVJ

Score
7/10
discoverypersistence

Malware Config

Targets

    • Target

      Virus.Hijack.ATA_virussign.com_cbe6a99c2f0d656b5588cc2af8b5a5c0.exe

    • Size

      3.6MB

    • MD5

      cbe6a99c2f0d656b5588cc2af8b5a5c0

    • SHA1

      10ba4c226f046ada5bbedf578eae9825d18be498

    • SHA256

      c0ded08b56e4ebc91b7af25fcc49a5c871678c4c17d204863cfebf4150ec6756

    • SHA512

      aeb3a113a8b802179cf8649a73368d354ef4705269298d7d0a1b0d67f1f759de70e68e38aaa5619335a7703bb86f3190dbb9b867ba022f6d5f4f020be1428efc

    • SSDEEP

      49152:cwVJ/qUQ5F5EexZD63Wb5wSSnebipRCoBRI17fMt6v77/lClNiuHL1jGgJ6OdoGr:3/257I6GnaipRT/md77AlDL1XsOdLVJ

    Score
    7/10
    discoverypersistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks