General

  • Target

    346c08fc3439a0619903ca25ed0b951e07096701eeb094bdab3770611328873e

  • Size

    2.2MB

  • Sample

    220129-xsq23sgfa7

  • MD5

    b1e5a284b0064758d65c5fc0e201db35

  • SHA1

    6e9c2ac3fbf1bf2003595886f9e45f5d3f021c94

  • SHA256

    346c08fc3439a0619903ca25ed0b951e07096701eeb094bdab3770611328873e

  • SHA512

    dab91c35248016f3950feaffbe6e0d31c11d20cfa70711c6511fc54446540db09f2d68b9cb4102ecda6525dce446ad11e366ee26477c8f13ca5ea54ce9ebd973

Malware Config

Targets

    • Target

      346c08fc3439a0619903ca25ed0b951e07096701eeb094bdab3770611328873e

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                            Count  ID
  Persistence      Registry Run Keys / Startup Folder   1      T1060
  Defense Evasion  Modify Registry                      2      T1112
  Discovery        System Information Discovery         2      T1082
  Discovery        Query Registry                       1      T1012

Tasks