d3646755d0b0d8789cd5dc6285fe8bf77696c1330f58b7c27d6fc97b0b6bf4bd | Triage

Submit
Reports

Overview

overview

Static

static

d3646755d0...bd.exe

windows7_x64

d3646755d0...bd.exe

windows10-2004_x64

Sharing

General

Target

d3646755d0b0d8789cd5dc6285fe8bf77696c1330f58b7c27d6fc97b0b6bf4bd
Size

10.1MB
Sample

220521-m3lj8sgaen
MD5

0853a6271139698af5c151ae21ae25c7
SHA1

38be19e9cfdb273f24ad89df4a9fbf2305e7b86e
SHA256

d3646755d0b0d8789cd5dc6285fe8bf77696c1330f58b7c27d6fc97b0b6bf4bd
SHA512

bdf7de79e3fdda70d8e03b5dfa7d739c127f08b46f509ad6df86c89baa2e4484d1365e897da03003c313d2ecf1a29beec324dd54ef3e2b7ea892eaa25b1d93fa

Score

10^/10

evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

d3646755d0b0d8789cd5dc6285fe8bf77696c1330f58b7c27d6fc97b0b6bf4bd.exe

Resource

win7-20220414-en

evasion persistence trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d3646755d0b0d8789cd5dc6285fe8bf77696c1330f58b7c27d6fc97b0b6bf4bd.exe

Resource

win10v2004-20220414-en

evasion persistence trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d3646755d0b0d8789cd5dc6285fe8bf77696c1330f58b7c27d6fc97b0b6bf4bd
- Size
  
  10.1MB
- MD5
  
  0853a6271139698af5c151ae21ae25c7
- SHA1
  
  38be19e9cfdb273f24ad89df4a9fbf2305e7b86e
- SHA256
  
  d3646755d0b0d8789cd5dc6285fe8bf77696c1330f58b7c27d6fc97b0b6bf4bd
- SHA512
  
  bdf7de79e3fdda70d8e03b5dfa7d739c127f08b46f509ad6df86c89baa2e4484d1365e897da03003c313d2ecf1a29beec324dd54ef3e2b7ea892eaa25b1d93fa
Score

10^/10

evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2024

Terms | Privacy