General

  • Target

    Exes_bf2ecdd780f65b7bf90bee6f48fb8fc4.exe

  • Size

    618KB

  • Sample

    190805-93swqsfsaa

  • MD5

    bf2ecdd780f65b7bf90bee6f48fb8fc4

  • SHA1

    2554c8ce5dfc4591a20805324195c07449669263

  • SHA256

    67647c962fa663f5ca9d1d60497164ea88e8db839922277452e122cdc7f358e3

  • SHA512

    cb4c0bb2840ec9815432f9e193098a00372b69a02355bdc65ed534b0439f8b1c64b60b025d2bed080daf03adf8a55982a562e164792d30434d0ca1811462feed

Score
N/A

Malware Config

Targets

    • Target

      Exes_bf2ecdd780f65b7bf90bee6f48fb8fc4.exe

    Score
    N/A
    • Suspicious use of NtCreateProcessExOtherParentProcess (a process was created with a parent other than the calling process, i.e. parent PID spoofing via NtCreateProcessEx)

    • Suspicious use of NtCreateUserProcessOtherParentProcess (the same parent PID spoofing, via NtCreateUserProcess)

    • program_crash (the sample crashed during analysis)

    • Checks system information in the registry (likely anti-VM)
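The two NtCreate*OtherParentProcess signatures above describe parent PID spoofing: the sample creates a child but records a different process (typically explorer.exe or another trusted process) as its parent, so that parent/child tree logic in EDR and log analysis misattributes the child. The following is an added example, not part of the sandbox report or the sample itself. It shows the detection logic a practitioner would run over process-start telemetry: compare the PID that actually issued the create call with the parent recorded for the new process, and flag the mismatch unless the caller is a known legitimate re-parenting broker. The event shape (a simplified dict form of an ETW Microsoft-Windows-Kernel-Process ProcessStart record, where the event header carries the caller PID and the payload carries the recorded ParentProcessID), the allow-list, the PIDs and the event stream are all constructed for the example.

```python
"""Detect parent PID spoofing from process-start telemetry.

Added example, not code from the report or the sample. Event records are a
hypothetical, simplified form of ETW ProcessStart events: `caller_pid` is the
PID from the event header (the process that called NtCreateUserProcess /
NtCreateProcessEx) and `parent_pid` is the ParentProcessID from the payload
(what the new process will report as its parent). Windows Security event 4688
and similar process-creation logs only carry the recorded parent, so this check
needs a source that also exposes the caller.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessStart:
    pid: int
    image: str
    caller_pid: int   # who actually issued the create call (event header PID)
    parent_pid: int   # parent recorded for the new process (event payload)


# Brokers that legitimately create processes on behalf of another parent,
# e.g. UAC elevation handled by the AppInfo service inside svchost.exe.
# This allow-list is an assumption for the example; tune it per environment.
LEGIT_REPARENTING_CALLERS = {"svchost.exe", "wmiprvse.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_ppid_spoofing(events, preexisting=None, allowed_callers=LEGIT_REPARENTING_CALLERS):
    """Return one finding per process whose real creator differs from its recorded parent.

    `preexisting` maps PIDs that were alive before the capture started to their
    image paths, so callers and claimed parents can be named.
    """
    images = dict(preexisting or {})
    findings = []
    for ev in events:
        images[ev.pid] = ev.image          # learn images as processes appear
        if ev.caller_pid == ev.parent_pid:  # normal creation: caller is the parent
            continue
        caller = images.get(ev.caller_pid, "<unknown>")
        claimed = images.get(ev.parent_pid, "<unknown>")
        if basename(caller) in allowed_callers:  # legitimate re-parenting broker
            continue
        findings.append({
            "pid": ev.pid,
            "image": ev.image,
            "real_creator": caller,
            "claimed_parent": claimed,
        })
    return findings


# Constructed telemetry (PIDs and paths invented for the example).
PREEXISTING = {
    3880: r"C:\Windows\explorer.exe",
    920: r"C:\Windows\System32\svchost.exe",
}
SAMPLE_EVENTS = [
    # explorer.exe launches the sample: caller == parent, benign
    ProcessStart(4312, r"C:\Users\u\Exes_bf2ecdd780f65b7bf90bee6f48fb8fc4.exe", 3880, 3880),
    # the sample spawns cmd.exe but records explorer.exe as the parent: spoofed
    ProcessStart(5120, r"C:\Windows\System32\cmd.exe", 4312, 3880),
    # cmd.exe starts its console host normally
    ProcessStart(5200, r"C:\Windows\System32\conhost.exe", 5120, 5120),
    # UAC elevation: svchost (AppInfo) creates mmc.exe on behalf of explorer; allowed
    ProcessStart(5300, r"C:\Windows\System32\mmc.exe", 920, 3880),
]


if __name__ == "__main__":
    for f in find_ppid_spoofing(SAMPLE_EVENTS, PREEXISTING):
        print(f"PID {f['pid']} {f['image']} created by {f['real_creator']} "
              f"but claims parent {f['claimed_parent']}")
```

Run against the constructed stream this reports exactly one hit, the cmd.exe created by the sample while claiming explorer.exe as parent; the UAC-style creation by svchost.exe is suppressed by the allow-list. The same comparison can be done in a kernel driver from the PS_CREATE_NOTIFY_INFO structure (creating thread's process versus ParentProcessId), which is how most EDR products surface this behaviour.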

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic                 Technique                      ID      Signatures
    Execution              Execution through API          T1106   2
    Privilege Escalation   Access Token Manipulation      T1134   1
    Privilege Escalation   Process Injection              T1055   1
    Defense Evasion        Access Token Manipulation      T1134   1
    Defense Evasion        Process Injection              T1055   1
    Discovery              Query Registry                 T1012   1
    Discovery              System Information Discovery   T1082   1

Tasks