4e66403a14ee87c5b62f4bfbb511ea97dcb025ff83046396e19a68010a1504c4 | Triage

Submit
Reports

Overview

overview

Static

static

8

4e66403a14...c4.exe

windows7-x64

4e66403a14...c4.exe

windows10-2004-x64

Sharing

General

Target

4e66403a14ee87c5b62f4bfbb511ea97dcb025ff83046396e19a68010a1504c4
Size

331KB
Sample

220720-wbje8sdggq
MD5

6d0e4c5ef82e34b53b10552094a5f274
SHA1

c081c29c5ea4e1dd29d39c533c2fc50edb5a1287
SHA256

4e66403a14ee87c5b62f4bfbb511ea97dcb025ff83046396e19a68010a1504c4
SHA512

cdba1676ca6f79d082602a2ed3111879154f9f2bba8e221e8520bbdc642514915926aac8c4f55832039ba842aef1296aac7293aba6ad4ba5ac95019fcf54af87

Score

10^/10

evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4e66403a14ee87c5b62f4bfbb511ea97dcb025ff83046396e19a68010a1504c4.exe

Resource

win7-20220715-en

evasion persistence trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

4e66403a14ee87c5b62f4bfbb511ea97dcb025ff83046396e19a68010a1504c4.exe

Resource

win10v2004-20220414-en

evasion persistence trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  4e66403a14ee87c5b62f4bfbb511ea97dcb025ff83046396e19a68010a1504c4
- Size
  
  331KB
- MD5
  
  6d0e4c5ef82e34b53b10552094a5f274
- SHA1
  
  c081c29c5ea4e1dd29d39c533c2fc50edb5a1287
- SHA256
  
  4e66403a14ee87c5b62f4bfbb511ea97dcb025ff83046396e19a68010a1504c4
- SHA512
  
  cdba1676ca6f79d082602a2ed3111879154f9f2bba8e221e8520bbdc642514915926aac8c4f55832039ba842aef1296aac7293aba6ad4ba5ac95019fcf54af87
Score

10^/10

evasion persistence trojan upx
- Modifies firewall policy service
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2024

Terms | Privacy