144525451ace8e714f95f6235f310b6959871e559e11f33f3164006a02832a7f | Triage

Sharing

General

Target

OQfFxsl.exe
Size

1.6MB
Sample

211021-pxynqabbel
MD5

44150395748c027ef5f8eed812f620b0
SHA1

0d26c44e5e93a08da7504344498d3275ca11653e
SHA256

144525451ace8e714f95f6235f310b6959871e559e11f33f3164006a02832a7f
SHA512

5ba96935ebacd7c4e377c3171d411e7383132eed1c087ef66c3fe1a54987f826ac9221a1f43f4cc6627d184f7621dca6858b84ae692bde127bdf9d3a7bc04a4c

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  OQfFxsl.exe
- Size
  
  1.6MB
- MD5
  
  44150395748c027ef5f8eed812f620b0
- SHA1
  
  0d26c44e5e93a08da7504344498d3275ca11653e
- SHA256
  
  144525451ace8e714f95f6235f310b6959871e559e11f33f3164006a02832a7f
- SHA512
  
  5ba96935ebacd7c4e377c3171d411e7383132eed1c087ef66c3fe1a54987f826ac9221a1f43f4cc6627d184f7621dca6858b84ae692bde127bdf9d3a7bc04a4c
Score

10^/10

persistence evasion trojan
- Registers COM server for autorun
  persistence
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5 behavioral6 behavioral7

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

evasionpersistencetrojan

behavioral6

behavioral7