37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb

General

Target

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb
Size

316KB
Sample

220625-2k4enaghc2
MD5

40a96c42e50077f03f9873a696427b0c
SHA1

5932ee55845edbeb10c7bc612b88eb2f1c7316cd
SHA256

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb
SHA512

45883c375d9384a99065db8e33778647e31ca7c16baee5f46ef859baf21954b72b7e100ef96adaf3e581cff8a60ee0d91ebe98b364ef9ad7eb3bf0d6efc64b84

Score

10^/10

Malware Config

Targets

- Target
  
  37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb
- Size
  
  316KB
- MD5
  
  40a96c42e50077f03f9873a696427b0c
- SHA1
  
  5932ee55845edbeb10c7bc612b88eb2f1c7316cd
- SHA256
  
  37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb
- SHA512
  
  45883c375d9384a99065db8e33778647e31ca7c16baee5f46ef859baf21954b72b7e100ef96adaf3e581cff8a60ee0d91ebe98b364ef9ad7eb3bf0d6efc64b84
Score

10^/10

evasion persistence trojan upx suricata
- Modifies WinLogon for persistence
  persistence
- suricata: ET MALWARE Possible Emotet DGA NXDOMAIN Responses
  suricata: ET MALWARE Possible Emotet DGA NXDOMAIN Responses
  suricata
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

2

T1004

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

5

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies WinLogon for persistence

suricata: ET MALWARE Possible Emotet DGA NXDOMAIN Responses

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Modifies Installed Components in the registry

UPX packed file

Loads dropped DLL

Adds Run key to start application

Checks whether UAC is enabled

Modifies WinLogon

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2