General

  • Target

    a11afeaa9b2aaa0dcb386223ebae75f9cee5e6ee0dc3c1c29fcf9ba44f496c39.exe

  • Size

    816KB

  • Sample

    241121-h94beatrek

  • MD5

    adaf13e72e6520b5a931a674f0f23e60

  • SHA1

    7e37eb41761675b7b6d643f83fb14c5d25212044

  • SHA256

    a11afeaa9b2aaa0dcb386223ebae75f9cee5e6ee0dc3c1c29fcf9ba44f496c39

  • SHA512

    a558866436cc8635633447c0290319e003dca2466ae2b81bbeaa7edfe1feda3d6a658d3a0a05eda10345965cc43219b2e2a1e2239eb3239f12909d8dc6033334

  • SSDEEP

    12288:G7MoUURtRl071HsUCcQ7AYGyCR5EvlP9Ia8GIbPYkAdwvLRPC6Oe73MFc:mL5tXwMUxQ7A7REIacPYkAevLRPJy

Score
8/10

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks