b43f9d1d81734d9f900e7047378d0aed67741fbf22c1b1b753a70677551ea49b | Triage

Submit
Reports

Overview

overview

Static

static

DriverPack...ay.exe

windows10-2004_x64

DriverPack...ay.exe

windows11_x64

Sharing

General

Target

'Infected' (DriverPack).zip
Size

8.4MB
Sample

220628-rr6hgsbgb3
MD5

c82014d6d6f294a605558fb3a9c0e89e
SHA1

f5aaa7fb0379f54b447790abb1ee28757634e985
SHA256

b43f9d1d81734d9f900e7047378d0aed67741fbf22c1b1b753a70677551ea49b
SHA512

c0b922955921c5a2b57c225ff1bf2ca1245410cbdd63b7d3107270b2351a4928ed5713b6a062d18a53efebdf2d1941f27cff2fb9be593f725a12cf632a5fceed

Score

10^/10

google discovery evasion phishing suricata upx

Static task

static1

Behavioral task

behavioral1

Sample

DriverPack-17-Online_1093417767.1656424261__fw7jsfwkaom0pay.exe

Resource

win10v2004-20220414-en

google discovery evasion phishing suricata upx

windows10-2004_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DriverPack-17-Online_1093417767.1656424261__fw7jsfwkaom0pay.exe

Resource

win11-20220223-en

windows11_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  DriverPack-17-Online_1093417767.1656424261__fw7jsfwkaom0pay.exe
- Size
  
  8.6MB
- MD5
  
  ff95f4df8c378534fb1a0978a1af81de
- SHA1
  
  4b9d7167774a89fd9cad3093341e2cab2913f96b
- SHA256
  
  610b44ef29643f5bfc1bf571e13e92155856eabac8706f45ea040da2ed48ea14
- SHA512
  
  0f2014cfccd29806db02c84adeb8b673b4d07b8c38795e6b47d73d91ba6c90d4645a636b6f29684fdc3a6f0aa4889645cd60b6401e82a7d22b6fc12030354db4
Score

10^/10

google discovery evasion phishing suricata upx
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)
  suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Detected potential entity reuse from brand google.
  phishing google
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

googlediscoveryevasionphishingsuricataupx

behavioral2

© 2018-2024

Terms | Privacy