4a8289532528cec1a4c6976a2b92cd15d17b88bf49e802af8005b42d350e3b7a | Triage

Submit
Reports

Overview

overview

Static

static

4a82895325...7a.exe

windows7_x64

4a82895325...7a.exe

windows10-2004_x64

Sharing

General

Target

4a8289532528cec1a4c6976a2b92cd15d17b88bf49e802af8005b42d350e3b7a
Size

502KB
Sample

220707-ak6q8schg2
MD5

d1f11654b552fc73c74548de914aaad5
SHA1

61cab1d17ae4cccdb6e7a1d8c50a830c7a1a9042
SHA256

4a8289532528cec1a4c6976a2b92cd15d17b88bf49e802af8005b42d350e3b7a
SHA512

76865b1fc5c027327fe958caa0ecca7b119b2170976816a2fc343eafdbe3d7ee6e4d9661263e9184fd065e979905767aee118b3b0f65f605b886a7d50d20e74c

Score

10^/10

evasion persistence suricata trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

4a8289532528cec1a4c6976a2b92cd15d17b88bf49e802af8005b42d350e3b7a.exe

Resource

win7-20220414-en

evasion persistence trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4a8289532528cec1a4c6976a2b92cd15d17b88bf49e802af8005b42d350e3b7a.exe

Resource

win10v2004-20220414-en

evasion persistence suricata trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4a8289532528cec1a4c6976a2b92cd15d17b88bf49e802af8005b42d350e3b7a
- Size
  
  502KB
- MD5
  
  d1f11654b552fc73c74548de914aaad5
- SHA1
  
  61cab1d17ae4cccdb6e7a1d8c50a830c7a1a9042
- SHA256
  
  4a8289532528cec1a4c6976a2b92cd15d17b88bf49e802af8005b42d350e3b7a
- SHA512
  
  76865b1fc5c027327fe958caa0ecca7b119b2170976816a2fc343eafdbe3d7ee6e4d9661263e9184fd065e979905767aee118b3b0f65f605b886a7d50d20e74c
Score

10^/10

evasion persistence trojan upx suricata
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- suricata: ET MALWARE Win32/Ramnit Checkin
  suricata: ET MALWARE Win32/Ramnit Checkin
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencesuricatatrojanupx

© 2018-2024

Terms | Privacy