General

  • Target

    1779012f3268bfc96e11da939f0a5e3ce43c5fe5ba59e51a93d1ebea3471865dN.exe

  • Size

    166KB

  • Sample

    240925-z7tgvs1frg

  • MD5

    abfd19f97fd9e2aff669c694b9d6ba10

  • SHA1

    382f594b0b83ce3d818a6c1ff743a4bad6622bee

  • SHA256

    1779012f3268bfc96e11da939f0a5e3ce43c5fe5ba59e51a93d1ebea3471865d

  • SHA512

    3509df78a7d4616076b2b745dcad202664e82da47081701fa265051ed8f51af6c77cc9751b00adfb89a030014de900179c1b8ecfc48c55779d84bda0455a7086

  • SSDEEP

    1536:JCelxfgCelxfgCelxfgCelxfgCelxfgCelxfe:JZnYZnYZnYZnYZnYZnm

Malware Config

Targets

    • Target

      1779012f3268bfc96e11da939f0a5e3ce43c5fe5ba59e51a93d1ebea3471865dN.exe

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying which DLL exports Windows consults when it verifies a file's signature, so that an unsigned or tampered binary appears validly signed.

    • Checks computer location settings

      Looks up the country code configured in the registry (the system's locale settings), most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory
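The behaviour signatures above are the sandbox's summary of what the sample did; the report does not say which registry keys or paths triggered them. The following is an added example, not part of the Triage report, that turns those same signatures into detection logic run over a small, constructed stream of Sysmon-style events (file creation, registry write, registry read, process creation). The registry paths used for the geofence and signature-manipulation checks (the `Geo\Nation`/`Nls\Locale` keys and the `CryptSIPDll*` OID keys) are assumptions about how these behaviours are commonly detected, not facts taken from the page, and every file name in the sample events is made up for the example.

```python
"""Match the report's behaviour signatures against Sysmon-style events (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Target name exactly as listed in the report.
SAMPLE = "1779012f3268bfc96e11da939f0a5e3ce43c5fe5ba59e51a93d1ebea3471865dN.exe"

# Patterns for each signature. Drivers is checked before System32 because it lives inside it.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DRIVERS_DIR_RE = re.compile(r"^C:\\Windows\\System32\\drivers\\", re.I)
SYSTEM32_DIR_RE = re.compile(r"^C:\\Windows\\System32\\", re.I)
# Assumption: "checks computer location settings" = reading the locale / GeoID keys.
GEO_KEY_RE = re.compile(r"\\(Control Panel\\International\\Geo|Nls\\Locale)", re.I)
# Assumption: "manipulates digital signatures" = rewriting the SIP verification DLL/export registration.
SIP_KEY_RE = re.compile(r"\\Cryptography\\OID\\EncodingType \d+\\CryptSIPDll", re.I)


@dataclass(frozen=True)
class Event:
    kind: str    # "file_create", "reg_set", "reg_query" or "proc_create"
    image: str   # process that performed the action
    target: str  # file path, registry key, or image of the spawned process


@dataclass(frozen=True)
class Finding:
    signature: str
    evidence: str


def triage(events: list[Event]) -> list[Finding]:
    """Return one Finding per matched signature, in event order."""
    findings: list[Finding] = []
    dropped: set[str] = set()  # files the sample wrote, lowercased for case-insensitive paths
    for ev in events:
        if ev.kind == "file_create":
            dropped.add(ev.target.lower())
            if DRIVERS_DIR_RE.match(ev.target):
                findings.append(Finding("Drops file in Drivers directory", ev.target))
            elif SYSTEM32_DIR_RE.match(ev.target):
                findings.append(Finding("Drops file in System32 directory", ev.target))
        elif ev.kind == "reg_set":
            if RUN_KEY_RE.search(ev.target):
                findings.append(Finding("Adds Run key to start application", ev.target))
            elif SIP_KEY_RE.search(ev.target):
                findings.append(Finding("Manipulates Digital Signatures", ev.target))
        elif ev.kind == "reg_query":
            if GEO_KEY_RE.search(ev.target):
                findings.append(Finding("Checks computer location settings", ev.target))
        elif ev.kind == "proc_create":
            # Only flag execution of something this trace saw being written earlier.
            if ev.target.lower() in dropped:
                findings.append(Finding("Executes dropped EXE", ev.target))
    return findings


# Constructed event stream: file and value names are invented for the example.
SAMPLE_EVENTS = [
    Event("reg_query", SAMPLE, r"HKCU\Control Panel\International\Geo\Nation"),
    Event("file_create", SAMPLE, r"C:\Windows\System32\drivers\dropped.sys"),
    Event("file_create", SAMPLE, r"C:\Windows\System32\dropped.exe"),
    Event("reg_set", SAMPLE, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dropped"),
    Event("proc_create", SAMPLE, r"C:\Windows\System32\dropped.exe"),
    Event("file_create", SAMPLE, r"C:\Users\user\AppData\Local\Temp\log.txt"),  # should not match
]


def signatures(events: list[Event]) -> list[str]:
    """Signature names only, convenient for comparing against a report."""
    return [f.signature for f in triage(events)]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.signature:40} <- {f.evidence}")
```

The ordering of checks matters: a file written under `System32\drivers` must be attributed to the Drivers signature and not double-counted as a System32 drop, and "Executes dropped EXE" is only raised for a process whose image was written earlier in the same trace, which keeps ordinary child processes such as `cmd.exe` from matching.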

MITRE ATT&CK Enterprise v15

Tasks