Overview

overview

8

Static

static

KMSpico_setup.exe

windows7_x64

8

KMSpico_setup.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    KMSpico_setup.exe

  • Size

    3.4MB

  • Sample

    211202-lqd4yshce6

  • MD5

    573bfef9558ca88d4b63965bae5a4c58

  • SHA1

    c45e9c746cd5514da1110ca1a13f950c0c49c952

  • SHA256

    dae563c4de07a705db24730f44090f68d55ecf5543ebb3f41952a450c2cf0f45

  • SHA512

    c9322d9542dfce68418af13988535b376d7a61e99f7b29240b681aed67c44d1609680228b8985513e04058bd4183a587519102e0e5ed6268e20e0c5348eaf311

Score
8/10
persistenceupx

Malware Config

Targets

    • Target

      KMSpico_setup.exe

    • Size

      3.4MB

    • MD5

      573bfef9558ca88d4b63965bae5a4c58

    • SHA1

      c45e9c746cd5514da1110ca1a13f950c0c49c952

    • SHA256

      dae563c4de07a705db24730f44090f68d55ecf5543ebb3f41952a450c2cf0f45

    • SHA512

      c9322d9542dfce68418af13988535b376d7a61e99f7b29240b681aed67c44d1609680228b8985513e04058bd4183a587519102e0e5ed6268e20e0c5348eaf311

    Score
    8/10
    persistenceupx

    • Executes dropped EXE

    • Modifies AppInit DLL entries

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks