Overview

overview

10

Static

static

3

f256781c4f...fN.exe

windows7-x64

10

f256781c4f...fN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f256781c4f5c2872f05b56c5c23253a1fc7daadda05c4563f85cc1e38c8ecfbfN.exe

  • Size

    298KB

  • Sample

    241122-rggrdaxrem

  • MD5

    bb7bd3792a85b3353e5ce7c858b6c230

  • SHA1

    66fcff264da80727a31437b7b5eea06b51d9fffd

  • SHA256

    f256781c4f5c2872f05b56c5c23253a1fc7daadda05c4563f85cc1e38c8ecfbf

  • SHA512

    5476729b5e96aa8ba0966d2dce99059bb863aa8e2d457db868a2e289d07476702e12ab7e5c5a4183d3cc0e02e49d2b43a47cee175c2a5ba4b3cc5eeb8eea423d

  • SSDEEP

    6144:L+k5XLaJbcplKJmxOYO3rLPFE2NJOdK/wmi:t+JbMJqfFE27P9i

Score
10/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      f256781c4f5c2872f05b56c5c23253a1fc7daadda05c4563f85cc1e38c8ecfbfN.exe

    • Size

      298KB

    • MD5

      bb7bd3792a85b3353e5ce7c858b6c230

    • SHA1

      66fcff264da80727a31437b7b5eea06b51d9fffd

    • SHA256

      f256781c4f5c2872f05b56c5c23253a1fc7daadda05c4563f85cc1e38c8ecfbf

    • SHA512

      5476729b5e96aa8ba0966d2dce99059bb863aa8e2d457db868a2e289d07476702e12ab7e5c5a4183d3cc0e02e49d2b43a47cee175c2a5ba4b3cc5eeb8eea423d

    • SSDEEP

      6144:L+k5XLaJbcplKJmxOYO3rLPFE2NJOdK/wmi:t+JbMJqfFE27P9i

    Score
    10/10
    discoveryevasionpersistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks