Overview

overview

10

Static

static

3

FILENAME.pdf.exe

windows7-x64

8

FILENAME.pdf.exe

windows10-2004-x64

10

⌚/Elsa.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FILENAME.pdf.zip

  • Size

    146KB

  • Sample

    240924-3g3jmavbra

  • MD5

    8ec8bc8c36b70000ae1e8fe8f6766017

  • SHA1

    bbd04ae3680dfe7fb39ca68dd422c16f2cfdddd8

  • SHA256

    ef0cccaf82afeb47517277bcac2b3392ce1a4bbe46bc9d9697c816996ea64ca1

  • SHA512

    68a9a026574e2f24b537e438da983a9eca5214bd31527dbd699964fb09eb5ed562c932c43e16ffaa327be70024748b9dfc5fc3d6914eaa82914e09d8a378f2fa

  • SSDEEP

    3072:Ns6dRlAHX1wklBU3FP+av29GvxwBxTuhrAdbMp9hziih82zoMHQMB7:JAHKqU3FPTv29GJyuhrQYpXJhAMF

Score
10/10
darktrackdiscoveryexecutionpersistenceratstealer

Malware Config

Targets

    • Target

      FILENAME.pdf.exe

    • Size

      159KB

    • MD5

      2e8a9103a92a2b897692ce24c88d530c

    • SHA1

      a9cc98ca9f454f18c20777fce5cb91868925d4d7

    • SHA256

      f75d1d3c22ad03094098e20f73b01ea1d112b76ca52c3d0946f24d5c5d272951

    • SHA512

      ed2564d824d6634820ef7184b28f6d82f2fb445acd83cf05d3b6e6d3df83da2a27c81ffcbac15f9a1b74cec0be723c1cd9b15168545ab91119dfb81bbb059202

    • SSDEEP

      3072:8nPdzuK8Jdw4TMJw3uuXKpgKVObUrnmLFNuupo5+h+0fEj4ppize9asKD453h4ua:8nPdudwDHpgDUrnmLPnV+0sjAizEasxa

    Score
    10/10
    discoveryexecutionpersistencedarktrackratstealer

    • DarkTrack

      DarkTrack is a remote administration tool written in delphi.

      ratstealerdarktrack

    • DarkTrack payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      ⌚/Elsa.exe

    • Size

      1.7MB

    • MD5

      357b90b97177f4c2689266f47a99ae74

    • SHA1

      8d4fd39a6dc65fb080b38f7907f256c2e6bcff2b

    • SHA256

      1f5e2e15e2d09dd85380f2bd361d27f6dbd4c8c7f6fe270a54df1bfe3ba853c3

    • SHA512

      f6b19de06515536eec9e06a4c7de0359ebb6b3a2ce1d98fd51f49dcfb7e37ed57bbb3f642701b2d3712ee5c1438fa4009e703de721c4957b7e70f2f2919806d1

    • SSDEEP

      3072:tahKyd2n31G5vWp1icKAArDZz4N9GhbkENEk3b:tahOXp0yN90vE

    Score
    1/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks