General

  • Target

    11771a6754c1edb3b5a3afd972716f49222a69e6e6caa94c4cd6933ab50ca9e8

  • Size

    277KB

  • Sample

    220604-ehvy6shcg8

  • MD5

    8c1b36b24a67666740ebed501c1280c5

  • SHA1

    180af0ea1cd6c180ae5dcf91fbe13c585af40282

  • SHA256

    11771a6754c1edb3b5a3afd972716f49222a69e6e6caa94c4cd6933ab50ca9e8

  • SHA512

    fb58aa4aef8e0c4f239884ca229405934de696c36d5a44cf36bb4b91a60ef3b0428b70cbaedc3a8f735771ea049f9631a06b5860473c49f008108e3d47935dab

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer. On its own this only indicates packing, which legitimate software also uses; it is the combination with the other behaviours below that raises the score.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's thread is the API commonly used for process hollowing and thread-hijacking injection; the report flags the call, not a confirmed injection target.
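As an added example, not code from the report or from the sandbox that produced it: a Python helper that reproduces the hash block from a sample's bytes, parses the PE section table to apply the same heuristic behind the "UPX packed file" signature, and filters registry-write events for the Run-key persistence flagged above. build_test_pe(), SAMPLE_EVENTS and the (key, value name, data) event shape are assumptions for offline testing, not the sandbox's export format.

```python
"""Triage helpers for a sandbox report: hashes, UPX heuristic, Run-key writes."""
import hashlib
import re
import struct


def file_hashes(data: bytes) -> dict:
    """Return the MD5/SHA1/SHA256/SHA512 hex digests a report's General block lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table.

    Only the fields needed to reach the section names are read.
    Raises ValueError for anything that is not a PE file.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                         # first IMAGE_SECTION_HEADER
    names = []
    for i in range(n_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic for the 'UPX packed file' signature.

    Stock UPX names its sections UPX0/UPX1/... and writes a 'UPX!' marker
    into the file; a modified UPX may rename sections, so the marker is
    checked as well.  A negative result does not prove the file is unpacked.
    """
    try:
        names = pe_section_names(data)
    except ValueError:
        return False
    if any(n.upper().startswith("UPX") for n in names):
        return True
    return b"UPX!" in data


# Run / RunOnce under HKCU or HKLM (ATT&CK v6 T1060, Registry Run Keys).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)


def run_key_writes(events):
    """Keep only registry writes that set a value under a Run/RunOnce key.

    `events` is an iterable of (key_path, value_name, value_data) tuples;
    this shape is an assumption, not the sandbox's real log format.
    """
    return [e for e in events if RUN_KEY_RE.search(e[0].rstrip("\\"))]


def build_test_pe(section_names) -> bytes:
    """Construct a headers-only PE with the given section names (test data)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew
    opt_size = 0xE0                                      # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("latin-1"), 0, 0, 0, 0, 0, 0, 0, 0, 0)
        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + sections


# Constructed registry-write events, not taken from the report.
SAMPLE_EVENTS = [
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "Updater", r"C:\Users\Public\svc.exe"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders",
     "Startup", r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
     "Cleanup", r"C:\Windows\Temp\x.exe"),
]

if __name__ == "__main__":
    packed = build_test_pe(["UPX0", "UPX1", ".rsrc"])
    print(file_hashes(packed)["sha256"])
    print(pe_section_names(packed), looks_upx_packed(packed))
    for key, name, value in run_key_writes(SAMPLE_EVENTS):
        print("Run key persistence:", key, name, value)
```

To compare a real sample against the report, read the file as bytes and check that file_hashes() returns the listed SHA256 before looking at the section names; a hash mismatch means you are analysing a different file than the one the verdict describes.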

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic            Technique                            Count  ID
Persistence       Registry Run Keys / Startup Folder   1      T1060
Defense Evasion   Modify Registry                      2      T1112

Tasks