General

  • Target

    493A1481892C26BC0939053ECFE52BD8.exe

  • Size

    18.8MB

  • Sample

    210721-dwvxkfm3jj

  • MD5

    493a1481892c26bc0939053ecfe52bd8

  • SHA1

    ec33b3c266336bf384abacd5ac2e2cdbf39c1d05

  • SHA256

    06563f00355b6af7247e643234ff4bab3bdf580e295ac374c6f5a7cd7867a2e9

  • SHA512

    119f722884f74cba9a125a99423962cf854b5975bb719f00dba56ddef1894031d57fc6ab80a874cfd02f476fd994c60830507c02aff4ae8dd426d922b3b85c4b

Targets

    • Target

      493A1481892C26BC0939053ECFE52BD8.exe

    • Size

      18.8MB

    • MD5

      493a1481892c26bc0939053ecfe52bd8

    • SHA1

      ec33b3c266336bf384abacd5ac2e2cdbf39c1d05

    • SHA256

      06563f00355b6af7247e643234ff4bab3bdf580e295ac374c6f5a7cd7867a2e9

    • SHA512

      119f722884f74cba9a125a99423962cf854b5975bb719f00dba56ddef1894031d57fc6ab80a874cfd02f476fd994c60830507c02aff4ae8dd426d922b3b85c4b

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060), 1 match

  • Defense Evasion

    Modify Registry (T1112), 1 match

  • Discovery

    System Information Discovery (T1082), 1 match
