ff7bc0e26149313a9645b535dc8307ea40b5502d2143314855da9d07d7268daa | Triage

Submit
Reports

Overview

overview

9

Static

static

3

mslog.exe

windows7_x64

8

mslog.exe

windows10_x64

9

Resubmissions

03-10-2021 19:24

211003-x4nq4afeg3 9

01-10-2021 23:31

211001-3h76hadddp 8

Sharing

General

Target

mslog.exe.zip
Size

9.6MB
Sample

211003-x4nq4afeg3
MD5

82ece3f3723241b1edc4a3c288134a14
SHA1

f5d94a0f86ea23a09ba12defe6104c69415ca7c3
SHA256

ff7bc0e26149313a9645b535dc8307ea40b5502d2143314855da9d07d7268daa
SHA512

2d3fb32dee9de61f657ce2c91f9113b0442edea591467778c434027495b77bddd6030e69c4477758d2f2acc1b234205e738715b7b9b1e702287916cd9981a9f7

Score

9^/10

evasion pyinstaller ransomware spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

mslog.exe

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

mslog.exe

Resource

win10v20210408

evasion ransomware spyware stealer upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  mslog.exe
- Size
  
  9.7MB
- MD5
  
  f203e938be3fe17ebf389ade9c6b2c9e
- SHA1
  
  85c697602efae829e8765a671b36e705a7c96662
- SHA256
  
  f0676c64a2f27a02d7947ad41eecfcd9fde5b47ea8fcb9be2a3838cb7dc86128
- SHA512
  
  fcb03c204577fc655361610ee27db83eb87a18ed17291055ef0c94de9df5de18e0624972ab4148cc6d3c2ffbcd5e63cc6ceb59292fd468687fac935bafff0030
Score

9^/10

upx evasion ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

evasionransomwarespywarestealerupx

© 2018-2024

Terms | Privacy