General

  • Target

    f66e03c26afac344b4e38345b26ce104f7131ed81e4f4961d43bd35df83493a5

  • Size

    830KB

  • Sample

    220201-tex2paheb2

  • MD5

    88b248a05743faba0f5b1ccb729c7d4e

  • SHA1

    9d3f43f258210f2f647e22a9c43c95a59c863e64

  • SHA256

    f66e03c26afac344b4e38345b26ce104f7131ed81e4f4961d43bd35df83493a5

  • SHA512

    be9c6a11fea6f0e93530580ace14865966c793a6e3c8e2a5f17d14da62d9a56868e67e20a45ae351c161149fd1fc691a45ab96305a06383cb13ba066ebd3b35d

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Targets

    Score
    10/10
    • TA505

      Cybercrime group active since 2015, responsible for families like Dridex and Locky.

    • Sets service image path in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks