d3fackloader | fe407790dad4c2b82a80548e5717a25994a35249209b94a2b13df894dca0a28a | Triage

Sharing

General

Target

WITCH IN THE WOODS BOTANICALS - DOCUSIGN, LLC.exe
Size

3.8MB
Sample

241128-1h6xbsxlgj
MD5

fd4d06722033dcfbc3e7993bcf2f574c
SHA1

3e0a7ab1bc781353deb0800408b0074b5589b018
SHA256

fe407790dad4c2b82a80548e5717a25994a35249209b94a2b13df894dca0a28a
SHA512

2c9434b08c0146e630c71cbe9fd82d25997441565e6b3bce7057c06a6b3befa646c4d79af514d89445619503c82f40c2cb462e0666d06ace7d94322a2ea9950b
SSDEEP

98304:xaROAR3Zsbt5be4s7JviZUnk4BhvbzkzmOJdrX6OL:xIiS4gHnk4z3krRL

Score

10^/10

d3fackloader discovery downloader evasion execution loader

Malware Config

Targets

- Target
  
  WITCH IN THE WOODS BOTANICALS - DOCUSIGN, LLC.exe
- Size
  
  3.8MB
- MD5
  
  fd4d06722033dcfbc3e7993bcf2f574c
- SHA1
  
  3e0a7ab1bc781353deb0800408b0074b5589b018
- SHA256
  
  fe407790dad4c2b82a80548e5717a25994a35249209b94a2b13df894dca0a28a
- SHA512
  
  2c9434b08c0146e630c71cbe9fd82d25997441565e6b3bce7057c06a6b3befa646c4d79af514d89445619503c82f40c2cb462e0666d06ace7d94322a2ea9950b
- SSDEEP
  
  98304:xaROAR3Zsbt5be4s7JviZUnk4BhvbzkzmOJdrX6OL:xIiS4gHnk4z3krRL
Score

10^/10

d3fackloader discovery downloader loader evasion execution
- D3fackloader
  D3fackloader is a loader and downloader using Inno Setup.
  loader downloader d3fackloader
- D3fackloader family
  d3fackloader
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Downloads MZ/PE file
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

d3fackloaderdiscoverydownloaderloader

behavioral2

d3fackloaderdiscoverydownloaderevasionexecutionloader