Overview

overview

10

Static

static

UBHSXNUQ.EXE

windows7_x64

10

UBHSXNUQ.EXE

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL_0098704.IMG

  • Size

    1.4MB

  • Sample

    210913-t6nbkaeba9

  • MD5

    5a1da3aa02cb6d8e2fa0307f3816f5df

  • SHA1

    60123665c571b37f0beee94899dd2072046e4a5a

  • SHA256

    20bc0922b1ea5abebc48e3ce4434dbe37ef748704d0b68dc07b3631d52efc486

  • SHA512

    dbcb3b98251222fdac65628c398d40520da41c415272454e18d58c709e47524b7373041e8aeeeb22a7bb1e1fcb45bf8e2ea836bf863ae2f649f6a30ce6f84efa

Score
10/10
bitratmodiloaderpersistencetrojanupx

Malware Config

Targets

    • Target

      UBHSXNUQ.EXE

    • Size

      835KB

    • MD5

      bdd5bed3e1df79003329e61a16040535

    • SHA1

      d197c51c4174ca8e6dc1824d51b3af3a617f0ee3

    • SHA256

      e506b889ba308697f0a32ef807b7fb3c52ef2d8a97d074ffd9d6920731d99770

    • SHA512

      3001016ca703295aeea5523e4624395981acad9cb36dc0df5c604cc65308db6e99c412c467d1fe68d48733b1c81ca6bd7654917a0116fb0228f57494ecf34d81

    Score
    10/10
    bitratmodiloaderpersistencetrojanupx

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

      trojanbitrat

    • BitRAT Payload

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks