General

  • Target

    983909e9e67f6f54976187f51d865ddd.exe

  • Size

    830KB

  • Sample

    200731-n7h824x5vj

  • MD5

    983909e9e67f6f54976187f51d865ddd

  • SHA1

    b97e49007f7d75ae33bf67de303a737a1bb1e080

  • SHA256

    8bb7089cb231edd0bd09d9611b41f6f23e12e5110dee1c97a1346ef57198c41f

  • SHA512

    456912d32483c0ac9bc0560eccfab23ed6fa9fbffb15b97a889b5806b2831e73f49b6190deb9d70543c49a1fd0186d1c7df5b2cf77574c4dac4a65fb0d1e2282

Score
8/10

Malware Config

Targets

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task (T1053): 1

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Defense Evasion

  • Modify Registry (T1112): 1

Tasks