Overview

overview

10

Static

static

37402cd487...ac.exe

windows7_x64

10

37402cd487...ac.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    37402cd4871d5beb1ed19079029426bc1330ec6b6e81cc5d6dce66bc0f6b0aac

  • Size

    1.3MB

  • Sample

    220705-yzr4dscfap

  • MD5

    4c6aa8c110669a6662c06c7d6b38ba35

  • SHA1

    4dd07af4c8402364e079ee09c1b067a88ffbb799

  • SHA256

    37402cd4871d5beb1ed19079029426bc1330ec6b6e81cc5d6dce66bc0f6b0aac

  • SHA512

    a5c33bc0c55cd1429898f42b12ed4b10e21652129c445ac021533f0bcd653dc90c1686d7a71b2a70edd971f7826d5ea0e74fd7f5affb287518c17a4a8bae458e

Score
10/10
persistencesuricataupx

Malware Config

Targets

    • Target

      37402cd4871d5beb1ed19079029426bc1330ec6b6e81cc5d6dce66bc0f6b0aac

    • Size

      1.3MB

    • MD5

      4c6aa8c110669a6662c06c7d6b38ba35

    • SHA1

      4dd07af4c8402364e079ee09c1b067a88ffbb799

    • SHA256

      37402cd4871d5beb1ed19079029426bc1330ec6b6e81cc5d6dce66bc0f6b0aac

    • SHA512

      a5c33bc0c55cd1429898f42b12ed4b10e21652129c445ac021533f0bcd653dc90c1686d7a71b2a70edd971f7826d5ea0e74fd7f5affb287518c17a4a8bae458e

    Score
    10/10
    persistencesuricataupx

    • Modifies WinLogon for persistence

      persistence

    • suricata: ET MALWARE DNS Reply Sinkhole Microsoft NO-IP Domain

      suricata: ET MALWARE DNS Reply Sinkhole Microsoft NO-IP Domain

      suricata

    • suricata: ET MALWARE Win32/Ramnit Checkin

      suricata: ET MALWARE Win32/Ramnit Checkin

      suricata

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks