Overview

overview

10

Static

static

SecuriteIn...49.exe

windows7_x64

10

SecuriteIn...49.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Mal.Generic-S.15611.8549

  • Size

    3.9MB

  • Sample

    201109-n3697t386s

  • MD5

    f6b72a826a885d982df7d5648e37b62c

  • SHA1

    9feeba171ef18d1bb68e4f185c1af7c6d4b1eae6

  • SHA256

    c006abbb1bae333e5973f9c419bfd9c3c721698cf2cf3ffbd1048fdfb4de811b

  • SHA512

    2c52277b03cec9f08861dbebb5df24d9510b02312487a108c2d2411fba1799629e0914276dac84ee6a160ae9b8e34a7f4621dbe4fdf171d44ae1d8d3aeb68f65

Score
10/10
discoveryevasionpersistencetrojan

Malware Config

Targets

    • Target

      SecuriteInfo.com.Mal.Generic-S.15611.8549

    • Size

      3.9MB

    • MD5

      f6b72a826a885d982df7d5648e37b62c

    • SHA1

      9feeba171ef18d1bb68e4f185c1af7c6d4b1eae6

    • SHA256

      c006abbb1bae333e5973f9c419bfd9c3c721698cf2cf3ffbd1048fdfb4de811b

    • SHA512

      2c52277b03cec9f08861dbebb5df24d9510b02312487a108c2d2411fba1799629e0914276dac84ee6a160ae9b8e34a7f4621dbe4fdf171d44ae1d8d3aeb68f65

    Score
    10/10
    discoveryevasionpersistencetrojan

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Windows security bypass

      evasiontrojan

    • Modifies boot configuration data using bcdedit

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • JavaScript code in executable

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

2
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

4
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks