Overview

overview

10

Static

static

app_noupx.bin.exe

windows7_x64

10

app_noupx.bin.exe

windows10_x64

10

Resubmissions

22-11-2020 20:14

201122-l4t1amvd3a 10

22-11-2020 20:09

201122-8kls7gxk76 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    app_noupx.bin.zip

  • Size

    3.7MB

  • Sample

    201122-8kls7gxk76

  • MD5

    3e55479859bc59aea4fdfc76e385d7c3

  • SHA1

    0d1ad13637609c13fd675161c56f03a7d0b7c518

  • SHA256

    ae1a18a7f47e6531eadf017211a5a4de117daf8b137d1f5434dd624039d0e61c

  • SHA512

    4605e9732ec746d8be4aeb0161f1f48b3e2ca5ce12232d266f07a46cea3b44b20de7ef6da7be441b8142bc926e4149f6951e8e92743800d6906fee08b7da91ab

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      app_noupx.bin

    • Size

      5.0MB

    • MD5

      fb072e457c48291f47fe7f01731ccc01

    • SHA1

      37ce6ef68bda65081c41f1db361e7d85128693cd

    • SHA256

      bce2c8e888cfb6bc11ac3e73f26a076848d6fdab126ac488d2e0bbcc5bb5142f

    • SHA512

      aff07b2f66f59159d9f7bf55752bc14b8537c80aab5ede548f19c7bdb1d2b58d90e961135d0bef8f65779b3e7b5525e5ca1e8e3ef5617207eb404ce417061c95

    Score
    10/10
    evasionpersistencetrojan

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

2
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

2
T1089

Modify Registry

5
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks