Overview

overview

8

Static

static

372b929ae9...ef.dll

windows7_x64

8

372b929ae9...ef.dll

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    372b929ae9362bf357a3a8c5c968921f2c950094d928b2ed2cf94ea04bcfdbef.zip

  • Size

    841KB

  • Sample

    210118-r48wph6z2e

  • MD5

    c94a7383debf0182e18ecc24580cda6c

  • SHA1

    ea42227d94e30767a13d94d259695723775380d0

  • SHA256

    2ba304ab84b5a924eb9a5c7e605082648a0cc6bd3c4906827446183e430aca05

  • SHA512

    8513bc3cc2ff1041331d5485bc1c52d74552bf00b54a041e29b8d283949f40f7ce393a3dd4653ed6c8ea1ed15e80648eb251cbf121d2c580cc35523e68fd2283

Score
8/10
persistenceupx

Malware Config

Targets

    • Target

      372b929ae9362bf357a3a8c5c968921f2c950094d928b2ed2cf94ea04bcfdbef

    • Size

      846KB

    • MD5

      85003057fbddd3468478adc04a1b50cd

    • SHA1

      acdd39a0d8068bfc4a16a0193c90eae85a5831fa

    • SHA256

      372b929ae9362bf357a3a8c5c968921f2c950094d928b2ed2cf94ea04bcfdbef

    • SHA512

      989f0738855e83b3ec9d97a7c9f93c0362285393cb1b7a266d6d1287bffad97c3a674c1738d1d0dc32c9751f68025da34f176a9bcc81c27b39fc1accdbbabb06

    Score
    8/10
    persistenceupx

    • Blocklisted process makes network request

    • Sets service image path in registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks