4c6cc49798a17cc509fab09a8f8618c869f6b1485d2fd673ba89842357b90c4e | Triage

Submit
Reports

Overview

overview

Static

static

4c6cc49798...4e.exe

windows7_x64

4c6cc49798...4e.exe

windows10-2004_x64

Sharing

General

Target

4c6cc49798a17cc509fab09a8f8618c869f6b1485d2fd673ba89842357b90c4e
Size

892KB
Sample

220520-3s54wscdar
MD5

53ac2a5394f8713b3c66ba21103ff707
SHA1

5e38feca1c8fba6746ad331f4d6435206007b1d0
SHA256

4c6cc49798a17cc509fab09a8f8618c869f6b1485d2fd673ba89842357b90c4e
SHA512

2ad8414a213082bba37b8fa191f2244d1a3b558a98cf19aaee241427410411b8f3c31daf29468458bec58de71c389f715b1fd8a2348d85b98355f85f83e3da4d

Score

10^/10

evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

4c6cc49798a17cc509fab09a8f8618c869f6b1485d2fd673ba89842357b90c4e.exe

Resource

win7-20220414-en

evasion persistence trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4c6cc49798a17cc509fab09a8f8618c869f6b1485d2fd673ba89842357b90c4e.exe

Resource

win10v2004-20220414-en

evasion persistence trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4c6cc49798a17cc509fab09a8f8618c869f6b1485d2fd673ba89842357b90c4e
- Size
  
  892KB
- MD5
  
  53ac2a5394f8713b3c66ba21103ff707
- SHA1
  
  5e38feca1c8fba6746ad331f4d6435206007b1d0
- SHA256
  
  4c6cc49798a17cc509fab09a8f8618c869f6b1485d2fd673ba89842357b90c4e
- SHA512
  
  2ad8414a213082bba37b8fa191f2244d1a3b558a98cf19aaee241427410411b8f3c31daf29468458bec58de71c389f715b1fd8a2348d85b98355f85f83e3da4d
Score

10^/10

evasion persistence trojan upx
- UAC bypass
  evasion trojan
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2024

Terms | Privacy