General

  • Target

    4d38a406-a252-441f-ba6b-a30dc933916e.zip

  • Size

    1.1MB

  • Sample

    210302-npwx8es142

  • MD5

    56de284fe5de62f4d41d3c6a7087071b

  • SHA1

    71cab95b8697e6d43c2955469cb884ce5fddb3c2

  • SHA256

    fe1061f7940953bca5390713e75fdae049a5049abb12daee2bc42dc82d0fddf1

  • SHA512

    f2b027eaa5bc47292420bd4e87d54e02b322c429876c52b3ef15e85d32fac234ebe57cee34ed86cc4924d70b99d2dbafc36367d303644f7a29d85f069e8bc0d1

Score
8/10

Malware Config

Targets

    • Target

      $Recycle.Bin/S-1-5-21-1063017186-617417581-1783442191-77788/$R31D8M9.exe

    • Size

      1.2MB

    • MD5

      8ef93a4d8de454de68f7bb2dee940109

    • SHA1

      ffddbb8283cf91cd97c05f635ccaf4cce9b02cd3

    • SHA256

      edcbe7f4691ca8bebc33b7b24c7dede243daf81ba8eec329aeadf71c8af1b305

    • SHA512

      cd4838e2dbd267bf8ae0ec69be08ddac7c2b4580dcfdd3db834bc39995b32e4e1303112419ed887d664f62f1341443ccfa05150404bb8adc71859d57cdf943a1

    Score
    8/10
    • Executes dropped EXE

    • Patched UPX-packed file

      Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task, T1053 (1)

  • Persistence

    Scheduled Task, T1053 (1)

  • Privilege Escalation

    Scheduled Task, T1053 (1)

  • Discovery

    Query Registry, T1012 (1)

Tasks