Overview

overview

10

Static

static

3

.pdf.exe

windows7-x64

8

.pdf.exe

windows10-2004-x64

10

⌚/Jeny.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    .pdf.exe_

  • Size

    156KB

  • Sample

    241016-waj1dawglq

  • MD5

    d0fe6894bc2a79ff92e81047d9eef20e

  • SHA1

    62128c6b15c198f93bb11af238a3be35302b066e

  • SHA256

    1dd25d87c7d8bb002831ed549eb0f077bc1f22e4a61f6d383d17badf92a9e37b

  • SHA512

    271177b2188e014052baade253bd1d7141da51a66ad4d2ae1dfb60edf30ffdd813a26b0fe9c627a3500497006ed366ef64f979ce1eab7c2fb9d08ccdbed71c28

  • SSDEEP

    3072:IXK9qKo9bH1ruuXKpgKVObD+HQGJ4peVGHPJn8ugJDjsUQUach7tyur1nPt:IXFKo5cpgDD+lWpxHP5ZgJj6chh

Score
10/10
darktrackdiscoveryexecutionpersistenceratstealer

Malware Config

Targets

    • Target

      .pdf.exe_

    • Size

      156KB

    • MD5

      d0fe6894bc2a79ff92e81047d9eef20e

    • SHA1

      62128c6b15c198f93bb11af238a3be35302b066e

    • SHA256

      1dd25d87c7d8bb002831ed549eb0f077bc1f22e4a61f6d383d17badf92a9e37b

    • SHA512

      271177b2188e014052baade253bd1d7141da51a66ad4d2ae1dfb60edf30ffdd813a26b0fe9c627a3500497006ed366ef64f979ce1eab7c2fb9d08ccdbed71c28

    • SSDEEP

      3072:IXK9qKo9bH1ruuXKpgKVObD+HQGJ4peVGHPJn8ugJDjsUQUach7tyur1nPt:IXFKo5cpgDD+lWpxHP5ZgJj6chh

    Score
    10/10
    discoveryexecutionpersistencedarktrackratstealer

    • DarkTrack

      DarkTrack is a remote administration tool written in delphi.

      ratstealerdarktrack

    • DarkTrack payload

    • Blocklisted process makes network request

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      ⌚/Jeny.exe

    • Size

      176KB

    • MD5

      713593357178076d7aa7ddb4fab30bc9

    • SHA1

      99c91cd8248dd178245d2153d8560f2bdd7a40f0

    • SHA256

      ccf4db73bd2e8a612b25c05869159d3375b1230e27194175d6e5e6f576fb7d33

    • SHA512

      349326240446ebff9a2ed89c1bafc14eb4018b875aa16184c2ed1f0f381b048d53d18f890549ddc6fbfc2fbf34b3f72f44dbe085e46a0b00e3734ec725f078f9

    • SSDEEP

      3072:iHwrxmMpvDITZg1S35GWp1icKAArDZz4N9GhbkrNEk1yr:9rMZ1p0yN90QEF

    Score
    1/10
    behavioral3

MITRE ATT&CK Enterprise v15

Tasks