Overview

overview

10

Static

static

8

36104d9b78...d3.exe

windows7_x64

10

36104d9b78...d3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36104d9b7897c8b550a9fad9fe2f119e16d82fb028f682d39a73722822065bd3

  • Size

    1.4MB

  • Sample

    220127-yxnyyshfhr

  • MD5

    bfec415733961b718a05c9890f4a06a7

  • SHA1

    292a6a024f5e7995b4ae1b37132f464bf65a914d

  • SHA256

    36104d9b7897c8b550a9fad9fe2f119e16d82fb028f682d39a73722822065bd3

  • SHA512

    b332eb7eabeac58120e27bf7685b1d72cd0418ea8e97a4982f90cb9997b3e57ebc9b5407cb7b9eeb7b2673f3b12d6afe22cadd9068fb47f9fe3b1d76c0cb1d86

Score
10/10
metasploitbackdoordiscoverypersistencespywarestealertrojanupx

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

C2

http://dazqc4f140wtl.cloudfront.net:80/ZZYO

Targets

    • Target

      36104d9b7897c8b550a9fad9fe2f119e16d82fb028f682d39a73722822065bd3

    • Size

      1.4MB

    • MD5

      bfec415733961b718a05c9890f4a06a7

    • SHA1

      292a6a024f5e7995b4ae1b37132f464bf65a914d

    • SHA256

      36104d9b7897c8b550a9fad9fe2f119e16d82fb028f682d39a73722822065bd3

    • SHA512

      b332eb7eabeac58120e27bf7685b1d72cd0418ea8e97a4982f90cb9997b3e57ebc9b5407cb7b9eeb7b2673f3b12d6afe22cadd9068fb47f9fe3b1d76c0cb1d86

    Score
    10/10
    metasploitbackdoordiscoverypersistencespywarestealertrojanupx

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

      trojanbackdoormetasploit

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Blocklisted process makes network request

    • Sets DLL path for service in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks