Overview

overview

8

Static

static

FTS_DeskUp...64.EXE

windows7_x64

8

FTS_DeskUp...64.EXE

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FTS_DeskUpdate_5010064_1238864.EXE

  • Size

    73.1MB

  • Sample

    201117-hjy12g3zj6

  • MD5

    f642c9bff4583f2eb7ef55211a1d8f29

  • SHA1

    f261437de769225e5e7bc1f6a1b0a40cd569db9d

  • SHA256

    1d87ded4bf597d3087a86bbc2b69b297c1ab9a6c770446e6b1dde4345f131d06

  • SHA512

    1afaca92887e818efd4a595ae50487501e150414bb14f908503dd9b04331f1b950d3da1bad025fa43897a71623a974afaa07f7ff28464eb0c72c65c293aae77c

Score
8/10
discovery

Malware Config

Targets

    • Target

      FTS_DeskUpdate_5010064_1238864.EXE

    • Size

      73.1MB

    • MD5

      f642c9bff4583f2eb7ef55211a1d8f29

    • SHA1

      f261437de769225e5e7bc1f6a1b0a40cd569db9d

    • SHA256

      1d87ded4bf597d3087a86bbc2b69b297c1ab9a6c770446e6b1dde4345f131d06

    • SHA512

      1afaca92887e818efd4a595ae50487501e150414bb14f908503dd9b04331f1b950d3da1bad025fa43897a71623a974afaa07f7ff28464eb0c72c65c293aae77c

    Score
    8/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • JavaScript code in executable

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks