Overview

overview

8

Static

static

8

0b6e416eab...4a.exe

windows7_x64

8

0b6e416eab...4a.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0b6e416eab80442ee2c779d02f7154544e8d3ac34aa3c184b3ca4cbbb1fbe74a

  • Size

    1.5MB

  • Sample

    210302-72mr8z1s7n

  • MD5

    047f331e5d105a49b043611e3215d511

  • SHA1

    6d17f32045d64634d10cb6248ae3d12449bf51cb

  • SHA256

    0b6e416eab80442ee2c779d02f7154544e8d3ac34aa3c184b3ca4cbbb1fbe74a

  • SHA512

    4681e9692fd508d02182ea7620833c98c4759ec8d6051bcbe8e0a5c94d74e51372b86d5e20c47b0b2b646c09337d6fdefacba30188ccd3be2f14d3bb509ef534

Score
8/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      0b6e416eab80442ee2c779d02f7154544e8d3ac34aa3c184b3ca4cbbb1fbe74a

    • Size

      1.5MB

    • MD5

      047f331e5d105a49b043611e3215d511

    • SHA1

      6d17f32045d64634d10cb6248ae3d12449bf51cb

    • SHA256

      0b6e416eab80442ee2c779d02f7154544e8d3ac34aa3c184b3ca4cbbb1fbe74a

    • SHA512

      4681e9692fd508d02182ea7620833c98c4759ec8d6051bcbe8e0a5c94d74e51372b86d5e20c47b0b2b646c09337d6fdefacba30188ccd3be2f14d3bb509ef534

    Score
    8/10
    evasionpersistence

    • Disables Task Manager via registry modification

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

3
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks