4a6a29e358327ac53ec209cfa4e32d73286413bdeaa2da4c80b8109b7906de5c | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...20.exe

windows7_x64

1

SecuriteIn...20.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Trojan.GenericKD.38168840.9615.25220
Size

4.6MB
Sample

211206-e6nvrsdcgr
MD5

7faddf1721f8f471bcbbd735e4032e1a
SHA1

9e1aadf3e0cd2642365599236e2dd9eaf1ab9aa9
SHA256

4a6a29e358327ac53ec209cfa4e32d73286413bdeaa2da4c80b8109b7906de5c
SHA512

cf55867f2995be8ae4c6083bd9d1972630f4ab2435f65918ca9510d356c64a3b043fdc90d0ccc4c03c0144bcbd70c8bf01ede271c9b0663bd2ae9f8c0e7ccc53

Score

10^/10

persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.GenericKD.38168840.9615.25220.exe

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.GenericKD.38168840.9615.25220.exe

Resource

win10-en-20211104

persistence upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://raw.githubusercontent.com/sqlitey/sqlite/master/speed.ps1

Targets

- Target
  
  SecuriteInfo.com.Trojan.GenericKD.38168840.9615.25220
- Size
  
  4.6MB
- MD5
  
  7faddf1721f8f471bcbbd735e4032e1a
- SHA1
  
  9e1aadf3e0cd2642365599236e2dd9eaf1ab9aa9
- SHA256
  
  4a6a29e358327ac53ec209cfa4e32d73286413bdeaa2da4c80b8109b7906de5c
- SHA512
  
  cf55867f2995be8ae4c6083bd9d1972630f4ab2435f65918ca9510d356c64a3b043fdc90d0ccc4c03c0144bcbd70c8bf01ede271c9b0663bd2ae9f8c0e7ccc53
Score

10^/10

persistence upx
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Blocklisted process makes network request
- Modifies RDP port number used by Windows
- Sets DLL path for service in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy