Overview

overview

10

Static

static

3

a2ea60f046...8N.exe

windows7-x64

8

a2ea60f046...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2ea60f0463c10ca7d367a52e2da1137b89d8f6782226c7915f551da4bbb9d98N

  • Size

    244KB

  • Sample

    241101-wmamgatfpp

  • MD5

    f4f6060f711eb02cf470fc6d3042b900

  • SHA1

    369f21d75393fcfda7dad90bc9fe56d7beac5264

  • SHA256

    a2ea60f0463c10ca7d367a52e2da1137b89d8f6782226c7915f551da4bbb9d98

  • SHA512

    2609ecb222dd7c62c0d2b49664537c3cd223270c364e3098ea4618fbbc9e84c6a77083bd63ab95d9779df58ed6e3a50446708b5d240a183c6d82fff9b230100c

  • SSDEEP

    3072:fo8L5tpV+CSA1AAPoCpxW5ATBfUPhpS1svkTVC9FieYTTLprx/m3qT4S826guKqk:xtpvoCpcPe1jQdi8rlWn

Score
10/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      a2ea60f0463c10ca7d367a52e2da1137b89d8f6782226c7915f551da4bbb9d98N

    • Size

      244KB

    • MD5

      f4f6060f711eb02cf470fc6d3042b900

    • SHA1

      369f21d75393fcfda7dad90bc9fe56d7beac5264

    • SHA256

      a2ea60f0463c10ca7d367a52e2da1137b89d8f6782226c7915f551da4bbb9d98

    • SHA512

      2609ecb222dd7c62c0d2b49664537c3cd223270c364e3098ea4618fbbc9e84c6a77083bd63ab95d9779df58ed6e3a50446708b5d240a183c6d82fff9b230100c

    • SSDEEP

      3072:fo8L5tpV+CSA1AAPoCpxW5ATBfUPhpS1svkTVC9FieYTTLprx/m3qT4S826guKqk:xtpvoCpcPe1jQdi8rlWn

    Score
    10/10
    discoveryevasionpersistence

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

5
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Command and Control

Exfiltration

Impact

Tasks