General

  • Target

    SecuriteInfo.com.Trojan.GenericKD.47566371.31888.25819

  • Size

    120KB

  • Sample

    211206-drb2zsgad9

  • MD5

    2db2f599b773f36a2ed6c8797e8882df

  • SHA1

    be5f83ef476e83ed5f2a2e77b8046ff86035e0b0

  • SHA256

    8303f7eae4b7cb8020a8c0c1a24ee427438fbbcb2803da6b0e3fd8aa43da6910

  • SHA512

    2876db33ae2278316bad322edc0d49553109dc49d0010475508d19f2fe16d75115742baec319e7d3a8048605a64b78e8bfc8aa00433ada01a2c1cb5aba43d3d4

Score
8/10

Targets

    • Target

      SecuriteInfo.com.Trojan.GenericKD.47566371.31888.25819

    • Downloads MZ/PE file

      A Windows executable (MZ header) was fetched over the network during the run.

    • Executes dropped EXE

      A file the sample wrote to disk was subsequently launched.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Loads dropped DLL

      A DLL the sample wrote to disk was subsequently loaded into a process.

    • Adds Run key to start application

      Persistence: a value under a CurrentVersion\Run key relaunches the application at logon.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Anti-debugging: calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger.

    • Suspicious use of SetThreadContext

      Commonly seen when execution is redirected in a suspended process, as in process hollowing or thread-hijacking injection; legitimate debuggers use the same API, so treat it as a supporting indicator.
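
Two of the signatures above are easy to reproduce on the bench: matching a file against the hashes listed in this report and spotting a UPX-packed PE by its section table. The script below is an added example written for this page, not code from the sandbox vendor or from the sample; the report's hashes are copied as-is, the PE fixture it builds is a constructed, non-executable skeleton (not the real sample), and the UPX section names and the "UPX!" header magic are assumed stock-UPX indicators that a modified packer build can rename or strip.

```python
import hashlib
import struct

# Indicators copied from the report above.
REPORT_IOCS = {
    "md5": "2db2f599b773f36a2ed6c8797e8882df",
    "sha1": "be5f83ef476e83ed5f2a2e77b8046ff86035e0b0",
    "sha256": "8303f7eae4b7cb8020a8c0c1a24ee427438fbbcb2803da6b0e3fd8aa43da6910",
}

# Section names written by stock UPX (assumption: a modified UPX build may rename them).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}
# Magic of the packed-file header stock UPX embeds; trivially stripped by modified builds.
UPX_MAGIC = b"UPX!"


def hash_sample(data: bytes) -> dict:
    """Return MD5/SHA1/SHA256 hex digests of the bytes, keyed like REPORT_IOCS."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if every listed hash matches (a single wrong IOC then fails loudly)."""
    digests = hash_sample(data)
    return all(digests[alg] == value for alg, value in REPORT_IOCS.items())


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> IMAGE_FILE_HEADER -> section table and return raw names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (_machine, n_sections, _ts, _symptr, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    names = []
    for i in range(n_sections):
        off = table + 40 * i            # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Flag the file if it carries stock UPX section names or the UPX! header magic."""
    names = pe_section_names(data)
    return any(n in UPX_SECTION_NAMES for n in names) or UPX_MAGIC in data


def build_minimal_pe(section_names) -> bytes:
    """Constructed fixture: a non-executable PE skeleton with the given section names.
    SizeOfOptionalHeader is 0, so the section table directly follows IMAGE_FILE_HEADER."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table


if __name__ == "__main__":
    for label, names in (("packed", [b"UPX0", b"UPX1", b".rsrc"]),
                         ("plain", [b".text", b".data", b".rsrc"])):
        blob = build_minimal_pe(names)
        print(label, hash_sample(blob)["sha256"][:16],
              "upx" if looks_upx_packed(blob) else "not-upx",
              "IOC match" if matches_report(blob) else "no IOC match")
```

On a real file, read it in binary mode and pass the bytes to matches_report and looks_upx_packed; a negative from looks_upx_packed does not rule packing out, since the sandbox signature also covers modified UPX builds that rename sections, which is why the hash match is kept as the authoritative check.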

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1 matched signature

  • Defense Evasion

    Modify Registry (T1112): 2 matched signatures

    Install Root Certificate (T1130): 1 matched signature

Technique IDs follow ATT&CK v6. In current ATT&CK releases the same behaviours map to T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder), T1112 (Modify Registry, unchanged) and T1553.004 (Subvert Trust Controls: Install Root Certificate).
