eb62a2999e8fe9cc49685bd090564c29d1d81b642b2df67c7ac2c6c13e9efd8f

Sharing

Copy URL

Twitter E-mail

General

Target

eb62a2999e8fe9cc49685bd090564c29d1d81b642b2df67c7ac2c6c13e9efd8f
Size

791KB
Sample

220520-gcclracca7
MD5

891be7dab2710d764004b562cc0b13ca
SHA1

0fc72356b563992c6b9c364a8ddbeac9afc78ce2
SHA256

eb62a2999e8fe9cc49685bd090564c29d1d81b642b2df67c7ac2c6c13e9efd8f
SHA512

c28f0f0493f5630c383edb5f18e9bdb01968f9d7f7c267d27a09e5a67e7ed11cdfdfd0701d45705eff1df262150d6d2034a764470a186e0d25e6b05f9eceb8fb

Score

10^/10

evasion upx

Malware Config

Targets

- Target
  
  Conficker binaries/1DB5476C766555C9995B25D19F97B9BC.EXE
- Size
  
  84KB
- MD5
  
  1db5476c766555c9995b25d19f97b9bc
- SHA1
  
  f509f352e4ee0f8d8ee2902721ae3a15799baba1
- SHA256
  
  02137e9426258e8d1186dc21ee344ffc5cdb3f068a6600ba1897fd9d27ccba43
- SHA512
  
  229badb4811990e692444bf93cf804cef087ea4333292d26cea4aeeb63e40d8d0780cf9b9663bb0c4dcdf2e9f15d24ccee80a4d236718475aeb0700adb6a2701
Score

5^/10
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  Conficker binaries/223D8089F8EE82F8B05266BAECAAC61E.DLL
- Size
  
  56KB
- MD5
  
  223d8089f8ee82f8b05266baecaac61e
- SHA1
  
  6ede5f34e8717b470de10e56c99adc7c47307842
- SHA256
  
  a3617214a291590239cc686f97ef76841215ab0fd70bf35696e70b8f696a78de
- SHA512
  
  48accb32d1bd0f3c43f34518aa6872c3800449589573cc32719a2a0bd9fd4ae7ab07f964f9687eef9480c88e71bbb60c7d24b94a90ababb35df05a993b55eb58
Score

8^/10
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral3 behavioral4
- Target
  
  Conficker binaries/BD35D4D98FCBB1EC0E090FD2C631BAA5.DLL
- Size
  
  62KB
- MD5
  
  bd35d4d98fcbb1ec0e090fd2c631baa5
- SHA1
  
  e48b2fcb09ada376895fc838a9c3c9e233c2ffba
- SHA256
  
  7b603982ded5d5e51fee8acce7c9be5e16be97330ef6036a461d5a5ed83e4829
- SHA512
  
  8946f19a085c5d590edb24faee28ed840333528a538a2c251f30a28c71ce9ae78e1d919ce286c124d0aa18749b1b30718b78baae43681480fdd5e7f3ba0fa863
Score

1^/10
behavioral5 behavioral6
- Target
  
  Conficker binaries/CC7EDB2E4300AC539259F3FFDE0F1AB6.DLL
- Size
  
  55KB
- MD5
  
  cc7edb2e4300ac539259f3ffde0f1ab6
- SHA1
  
  692caa0d6fd13028bec25cdca15f13522d1b3a7d
- SHA256
  
  f9ad7be3c4f8cf06d2f5f1784c8c9eae81f15559a2c906a2ded9ba51cc659e09
- SHA512
  
  ec96df9d96f772b2b901397ae660f906c708f15f575955e3eaa56d8abbe05fca9348942c9ca0a6052039b72c2f3a2d1abf960acdb131b597af2f8d76c1850ec1
Score

5^/10
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  Conficker binaries/CC7EDB2E4300AC539259F3FFDE0F1AB6.EXE
- Size
  
  55KB
- MD5
  
  cc7edb2e4300ac539259f3ffde0f1ab6
- SHA1
  
  692caa0d6fd13028bec25cdca15f13522d1b3a7d
- SHA256
  
  f9ad7be3c4f8cf06d2f5f1784c8c9eae81f15559a2c906a2ded9ba51cc659e09
- SHA512
  
  ec96df9d96f772b2b901397ae660f906c708f15f575955e3eaa56d8abbe05fca9348942c9ca0a6052039b72c2f3a2d1abf960acdb131b597af2f8d76c1850ec1
Score

5^/10
- Drops file in System32 directory
behavioral9 behavioral10
- Target
  
  Conficker binaries/CE18A72735FEB7A315B947DC0986009D.DLL
- Size
  
  61KB
- MD5
  
  ce18a72735feb7a315b947dc0986009d
- SHA1
  
  6d2ffc85bf7618d4327bfefdbd3bccffcae96902
- SHA256
  
  a8ca6723215da21f66e66723089d64bbdd6e555011f0b287140791c207883a6b
- SHA512
  
  f613d8be45b5043c1e30554b23b8b7380e529e70e5a0bb9fffcf10a310c5f4950349574fa7d52ec5dc9bd8330f3cb5ad31f7bd0242f16f96d85d7e3326bca76d
Score

5^/10
- Drops file in System32 directory
behavioral11 behavioral12
- Target
  
  Conficker binaries/D9CB288F317124A0E63E3405ED290765.DLL
- Size
  
  61KB
- MD5
  
  d9cb288f317124a0e63e3405ed290765
- SHA1
  
  5815b13044fc9248bf7c2dba771f0e6496d9e536
- SHA256
  
  bacc62584144981a57516b1bfcb4350d511f2fe89197a7605e3cdff645416dc1
- SHA512
  
  540bdca9e84ad7efd968f3eca59a6ccd35fb5f1a6df489b06b199a7d3075e8ba305554579d2a37734a38f33d4e0886797b75d5f34319a851d68add1b180f864b
Score

5^/10
- Drops file in System32 directory
behavioral13 behavioral14
- Target
  
  Conficker binaries/bd35d4d98fcbb1ec0e090fd2c631baa5.EXE
- Size
  
  62KB
- MD5
  
  bd35d4d98fcbb1ec0e090fd2c631baa5
- SHA1
  
  e48b2fcb09ada376895fc838a9c3c9e233c2ffba
- SHA256
  
  7b603982ded5d5e51fee8acce7c9be5e16be97330ef6036a461d5a5ed83e4829
- SHA512
  
  8946f19a085c5d590edb24faee28ed840333528a538a2c251f30a28c71ce9ae78e1d919ce286c124d0aa18749b1b30718b78baae43681480fdd5e7f3ba0fa863
Score

5^/10
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  Conficker binaries/jwgkvsq.vmx
- Size
  
  161KB
- MD5
  
  c3852074ee50da92c2857d24471747d9
- SHA1
  
  7910076ec1e60326409408fc042c89e96aefefa1
- SHA256
  
  cfc5bef5b3a8bd21d5b9748832db14f6966154867c946564e003e0febf2b6c92
- SHA512
  
  409faf818f9c1ee034decf1ff7c4727b2bcfd5b45ed6e30a45c3d6b46e3c437fc9d26441df174fbeb585ca8ce0a0fcdc4222815b34d582b6d08eadeb652e3aa8
Score

10^/10

evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
behavioral17 behavioral18
- Target
  
  Conficker binaries/jwgkvsq4.vmx
- Size
  
  167KB
- MD5
  
  8c9367b7dc43dadaa3ec9da767c586cf
- SHA1
  
  5fd0af3aac0c54d4858a50f0e62d6b5a2035d97a
- SHA256
  
  732b6aa48c1ba35e7c302bb77e14d8b4a7f908209a5d4606c2732ae2611a08ef
- SHA512
  
  f4fe5da612cc3c90c94bf631fbefae3430a5f7d7ad093795a2f70e22a67076216c49751918bc4b339de1a2f398894218cb56164a0013faf359aba1cf5f521c49
Score

10^/10

evasion
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral19 behavioral20

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in System32 directory

Blocklisted process makes network request

Drops file in System32 directory

Drops file in System32 directory

Drops file in System32 directory

Drops file in System32 directory

Drops file in System32 directory

Drops file in System32 directory

Modifies visibility of file extensions in Explorer

Modifies visiblity of hidden/system files in Explorer

Modifies visibility of file extensions in Explorer

Modifies visiblity of hidden/system files in Explorer

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20