Overview

overview

8

Static

static

61a70fdae6...05.exe

windows7_x64

8

61a70fdae6...05.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    61a70fdae6040d08c4f66f5d5ba95aba1987cda5e4715903696c3139a33d8e05

  • Size

    9.9MB

  • Sample

    210302-cspjygawj2

  • MD5

    37dd37036261a48f03938339d7990506

  • SHA1

    e34be4878b38bc4ca11162eef0430bb776da8795

  • SHA256

    61a70fdae6040d08c4f66f5d5ba95aba1987cda5e4715903696c3139a33d8e05

  • SHA512

    b6570cf2a7af265a195f355dcaac93e751bcef00dff9cd3d25a3213a6ce500c3d9275138d007acc4f50125aedd063c96dc03dfb728aab890aacefdc5a687c0a4

Score
8/10
upx

Malware Config

Targets

    • Target

      61a70fdae6040d08c4f66f5d5ba95aba1987cda5e4715903696c3139a33d8e05

    • Size

      9.9MB

    • MD5

      37dd37036261a48f03938339d7990506

    • SHA1

      e34be4878b38bc4ca11162eef0430bb776da8795

    • SHA256

      61a70fdae6040d08c4f66f5d5ba95aba1987cda5e4715903696c3139a33d8e05

    • SHA512

      b6570cf2a7af265a195f355dcaac93e751bcef00dff9cd3d25a3213a6ce500c3d9275138d007acc4f50125aedd063c96dc03dfb728aab890aacefdc5a687c0a4

    Score
    8/10
    upx

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks