General

  • Target

    sh3.exe

  • Size

    4.7MB

  • Sample

    241003-bj2asswgnp

  • MD5

    c05e2f57ddb783bd50a1ce60ab942667

  • SHA1

    63ff51c6fc6f7d1c23daf53adee33284be7db07f

  • SHA256

    e1438049509b8a3cfd1531cde1430717ae1c213091a4902d26c3ffea0239c63f

  • SHA512

    a9ac7a5bcc55b071c4c5d1c1dc80b91eaf9b5ebd3e70905d80e1bebe7ec6904af216ce87923978f5b03f92e7a29a6832807b7a996d7a6fb437f39a6a8272789b

  • SSDEEP

    98304:sSch210sOMqjv4cwsznXfjbJPIz7y36sN6ZEB:le210sOMqjv4cZO636InB

Targets

    • Target

      sh3.exe

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
