6f4c49af2816b18488a1f4e2c08380c719df849c7030652e4971332ba3100927 | Triage

Submit
Reports

Overview

overview

Static

static

DCQPKX.bin

windows7_x64

DCQPKX.bin

windows10_x64

Resubmissions

19-01-2023 17:08

230119-vnk9xsgf64 4

04-12-2021 17:54

211204-wg7d9abdeq 10

Sharing

General

Target

DCQPKX.bin
Size

118KB
Sample

211204-wg7d9abdeq
MD5

10f237e6da56cf46bfd0ea8c22544bee
SHA1

d83d7974796fd286f24dd606cf11b444ca55e249
SHA256

6f4c49af2816b18488a1f4e2c08380c719df849c7030652e4971332ba3100927
SHA512

834b6c9b3cfe740c3c0560f974e399d9efd2ca4586580bf148a43285b2cc4c0ad21ed05869587143be448f6fb42fa4b8dea9f2a2c585c4bfb77ba8056130c1ab

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

DCQPKX.bin

Resource

win7-en-20211014

evasion persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DCQPKX.bin

Resource

win10-en-20211014

evasion persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  DCQPKX.bin
- Size
  
  118KB
- MD5
  
  10f237e6da56cf46bfd0ea8c22544bee
- SHA1
  
  d83d7974796fd286f24dd606cf11b444ca55e249
- SHA256
  
  6f4c49af2816b18488a1f4e2c08380c719df849c7030652e4971332ba3100927
- SHA512
  
  834b6c9b3cfe740c3c0560f974e399d9efd2ca4586580bf148a43285b2cc4c0ad21ed05869587143be448f6fb42fa4b8dea9f2a2c585c4bfb77ba8056130c1ab
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables Task Manager via registry modification
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2024

Terms | Privacy