General

  • Target

    contract supply list.exe

  • Size

    311KB

  • Sample

    200712-rxa8avqv12

  • MD5

    1c8f2480d5bfe4d9bbe8bc432ccc5c97

  • SHA1

    5ff74ec7bd4d10582ce2c949ade827b1ccb23d21

  • SHA256

    24f64f0f4a0f7b860db4e664e4f4c76a08f20d3490966de4637958bbecc618ac

  • SHA512

    158ec88cc3d9ee15c2a96402e58547bd58896be18cc9502c8e204a21e85e3657cd4d07be03fba888911ff4d26e40b882afbc97ab6d04f8f1a67260205126acfe

Score
9/10

Malware Config

Targets

    • Target

      contract supply list.exe

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task (T1053): 1

Persistence

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Discovery

  • Query Registry (T1012): 4

  • System Information Discovery (T1082): 4

  • Peripheral Device Discovery (T1120): 1
