Overview

overview

7

task1

 

7

task2

 

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4f86e7db3cf147f49c79677100723ea3028fd48f29456442522584de483f24a0

  • Size

    835KB

  • Sample

    191025-xfwd7hcxyj

  • MD5

    c5909499e4f4317fb4186dcaf0ebdf89

  • SHA1

    c2d9174777a1b71c48b22e35943e150ed3075b65

  • SHA256

    4f86e7db3cf147f49c79677100723ea3028fd48f29456442522584de483f24a0

  • SHA512

    eb70baafa1b04afd738b9df2680b1a11b5fe6381c7fd39115fcf93ff79ea3aa9571a1a25dba75b8139d66685024da6f6c951bf3d607b5551bc1e5f214546b12c

Score
7/10

Malware Config

Targets

    • Target

      4f86e7db3cf147f49c79677100723ea3028fd48f29456442522584de483f24a0

    • Size

      835KB

    • MD5

      c5909499e4f4317fb4186dcaf0ebdf89

    • SHA1

      c2d9174777a1b71c48b22e35943e150ed3075b65

    • SHA256

      4f86e7db3cf147f49c79677100723ea3028fd48f29456442522584de483f24a0

    • SHA512

      eb70baafa1b04afd738b9df2680b1a11b5fe6381c7fd39115fcf93ff79ea3aa9571a1a25dba75b8139d66685024da6f6c951bf3d607b5551bc1e5f214546b12c

    Score
    7/10

    • Drops startup file

    • Windows security modification

      evasiontrojan

    • Maps connected drives based on registry (likely anti-VM)

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks