Overview

overview

10

task1

 

5

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec042ea8b6b6a94678df7612bffa69082e772b6c9d8a57b0bc89bc1258046b80

  • Size

    417KB

  • Sample

    191025-fs2a5gpl12

  • MD5

    92eba943bfdf15732f4f8d47d596c38a

  • SHA1

    26ce9046dbe35974610caddecee0aa64fb0af99c

  • SHA256

    ec042ea8b6b6a94678df7612bffa69082e772b6c9d8a57b0bc89bc1258046b80

  • SHA512

    1671e609cca1eb6e0bbe5725ff21f23c6c3411474f50bf48a3fb1d845e040ae531614c453b67fe0fdc5e531553992c2e76680d2f8f6f401c7f6c2a66565cef49

Score
10/10

Malware Config

Targets

    • Target

      ec042ea8b6b6a94678df7612bffa69082e772b6c9d8a57b0bc89bc1258046b80

    • Size

      417KB

    • MD5

      92eba943bfdf15732f4f8d47d596c38a

    • SHA1

      26ce9046dbe35974610caddecee0aa64fb0af99c

    • SHA256

      ec042ea8b6b6a94678df7612bffa69082e772b6c9d8a57b0bc89bc1258046b80

    • SHA512

      1671e609cca1eb6e0bbe5725ff21f23c6c3411474f50bf48a3fb1d845e040ae531614c453b67fe0fdc5e531553992c2e76680d2f8f6f401c7f6c2a66565cef49

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Program crash

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks