Overview

overview

7

task1

 

5

task2

 

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9c99458e7cca21da41178cdff64715ced87e03fe61e33182854e4b0438b3b1f9

  • Size

    367KB

  • Sample

    191025-7xg15dphes

  • MD5

    10a34640fba05520712254b9b9405be0

  • SHA1

    4312126f7c95d384c0dd82e23565090563274a39

  • SHA256

    9c99458e7cca21da41178cdff64715ced87e03fe61e33182854e4b0438b3b1f9

  • SHA512

    cea4500db17d80b5acee020197246b8188dbee320116e95639617fe4fce8290abef281d492f4f097aa7a014263ffbe521505cba1618ddf031c310bca42e117c9

Score
7/10

Malware Config

Targets

    • Target

      9c99458e7cca21da41178cdff64715ced87e03fe61e33182854e4b0438b3b1f9

    • Size

      367KB

    • MD5

      10a34640fba05520712254b9b9405be0

    • SHA1

      4312126f7c95d384c0dd82e23565090563274a39

    • SHA256

      9c99458e7cca21da41178cdff64715ced87e03fe61e33182854e4b0438b3b1f9

    • SHA512

      cea4500db17d80b5acee020197246b8188dbee320116e95639617fe4fce8290abef281d492f4f097aa7a014263ffbe521505cba1618ddf031c310bca42e117c9

    Score
    7/10

    • Windows security modification

      evasiontrojan

    • Modifies system certificate store

      evasionspywaretrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks