General

  • Target

    b98b3fa7ea72fc1e64b65e592889c71959d975b3775f8a71d289998f4990ebda

  • Size

    87KB

  • Sample

    220122-a8qpxsffg4

  • MD5

    735cbea8c447455699ef578f4b9aa3b1

  • SHA1

    9aaa024aa6b77d4720fa59e203335c6c6e287335

  • SHA256

    b98b3fa7ea72fc1e64b65e592889c71959d975b3775f8a71d289998f4990ebda

  • SHA512

    b992850005d1735874a4e5fc340fe812d86d10e6e55f8faf198137134b37dba743af6a3247f148efffb3f16aac6653147f80e774e1dc2d31933f678c4b288511

Malware Config

Targets

    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 3

Tasks