General

  • Target

    d9cbb1b75b2ec76764fa80ef4ff42382.exe

  • Size

    827KB

  • Sample

    200731-g79hpwmpgx

  • MD5

    d9cbb1b75b2ec76764fa80ef4ff42382

  • SHA1

    fc2c102ad05eda02088f21426a03257b095aab51

  • SHA256

    5debeda2835def4c4f135d47aa5fc9d0ef39d5193e50a85b690332db62a8cafe

  • SHA512

    ab8c5f63c39ed404e9ad28731107ad9405295207f80f2b8b2d7bc6b641da67400c29978845fcf97c6aed3981f5714c2f355c1dc40d1294b9a53185792458c5be

Score
8/10

Malware Config

Targets

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1
    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks