Overview

overview

10

Static

static

f616975d69...10.exe

windows7_x64

1

f616975d69...10.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f616975d69da372f403d58ba955dc510

  • Size

    4.6MB

  • Sample

    211205-jpf6tacbdm

  • MD5

    f616975d69da372f403d58ba955dc510

  • SHA1

    e22fcb3ec811cba8d74d4f897d495f21e8c88224

  • SHA256

    65f47cd450bd96cba40e838cb0355638a1d43b3ac51d3d6e97a469d5425a7874

  • SHA512

    2be545ed1a330f76ff21e3f8406b4982b86a432065264fd88008ab762bf2fafb0f892cbee2b395cdd62c6be98ce02868223331bf1f3e9402cde6f366ca8c49e5

Score
10/10
persistenceupx

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1

Targets

    • Target

      f616975d69da372f403d58ba955dc510

    • Size

      4.6MB

    • MD5

      f616975d69da372f403d58ba955dc510

    • SHA1

      e22fcb3ec811cba8d74d4f897d495f21e8c88224

    • SHA256

      65f47cd450bd96cba40e838cb0355638a1d43b3ac51d3d6e97a469d5425a7874

    • SHA512

      2be545ed1a330f76ff21e3f8406b4982b86a432065264fd88008ab762bf2fafb0f892cbee2b395cdd62c6be98ce02868223331bf1f3e9402cde6f366ca8c49e5

    Score
    10/10
    persistenceupx

    • Grants admin privileges

      Uses net.exe to modify the user's privileges.

    • Blocklisted process makes network request

    • Modifies RDP port number used by Windows

    • Sets DLL path for service in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

1
T1098

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Remote Desktop Protocol

1
T1076

Collection

Exfiltration

Command and Control

Impact

Tasks