Overview

overview

10

task1

 

1

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c5d4a56d540593de13427367c8008e30b0c996be6f9db3f3e142ffdb5d5ef706

  • Size

    505KB

  • Sample

    191025-bq921d6dg6

  • MD5

    093d75a6935073192e9879dd81a61056

  • SHA1

    3de92adc61f20eb4a8df5e1341db1d513d84fbec

  • SHA256

    c5d4a56d540593de13427367c8008e30b0c996be6f9db3f3e142ffdb5d5ef706

  • SHA512

    0dbf447e36c004b81441deaa120f1499687c6a4e876b18121d08b5586ca080f75b6dd1513873fbbc6894b84998ac737311aa270005b550867904c3178312687c

Score
10/10

Malware Config

Targets

    • Target

      c5d4a56d540593de13427367c8008e30b0c996be6f9db3f3e142ffdb5d5ef706

    • Size

      505KB

    • MD5

      093d75a6935073192e9879dd81a61056

    • SHA1

      3de92adc61f20eb4a8df5e1341db1d513d84fbec

    • SHA256

      c5d4a56d540593de13427367c8008e30b0c996be6f9db3f3e142ffdb5d5ef706

    • SHA512

      0dbf447e36c004b81441deaa120f1499687c6a4e876b18121d08b5586ca080f75b6dd1513873fbbc6894b84998ac737311aa270005b550867904c3178312687c

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks processor name in registry (likely anti-VM)

    • Program crash

    • Windows security modification

      evasiontrojan

    • Modifies system certificate store

      evasionspywaretrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks