General

  • Target

    f3196cb8288afe0c9e64778d9d82e4ad482153b916547809861f6d95677646fa

  • Size

    721KB

  • Sample

    220201-tez62sheb3

  • MD5

    aa4ec0d3a5ad9d037a128f3448744713

  • SHA1

    7fbfaa047b28095b6a333cae56893583ed714bf0

  • SHA256

    f3196cb8288afe0c9e64778d9d82e4ad482153b916547809861f6d95677646fa

  • SHA512

    a6650a4c46527f8ae1cf81446e13629f9c15f20fdba79a50dc9f8999ff330925fa0b9c27a94fd45b9c56acc3c534e0099fa9e90c2c6eb7886236ce6107156478

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Targets

    • Score

      10/10

    • TA505

      Cybercrime group active since 2015, responsible for families like Dridex and Locky.

    • Sets service image path in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks