0185b248c978f772b9fbb270068fff6f8326e804527256e7bef474645b1cc6d4 | Triage

Sharing

General

Target

0185b248c978f772b9fbb270068fff6f8326e804527256e7bef474645b1cc6d4
Size

336KB
Sample

220919-adxjzsgah5
MD5

8c466a7f6dcb3629da72a7f3569c6ab1
SHA1

70d3e43662b1b7465bc85380c09c4e732c8283e7
SHA256

0185b248c978f772b9fbb270068fff6f8326e804527256e7bef474645b1cc6d4
SHA512

34900a5aac57f6e6dcee02f89cc677204c7dad89228a8d61125c484a3d4dbdaf6e82c118ca350fc8423e29dc4a7a501e337083af8ef3c991847390dcf8ae76cb
SSDEEP

6144:yJNvOYo8M+3epvFJF0E1BwUMQa5hwigeXKCvaRD6+rRiLEmUxkRpVUyKv9m6l:a2N8ORBwXlhngSKCyRD6+rU2xkRu9m6l

Score

8^/10

evasion persistence upx

Malware Config

Targets

- Target
  
  0185b248c978f772b9fbb270068fff6f8326e804527256e7bef474645b1cc6d4
- Size
  
  336KB
- MD5
  
  8c466a7f6dcb3629da72a7f3569c6ab1
- SHA1
  
  70d3e43662b1b7465bc85380c09c4e732c8283e7
- SHA256
  
  0185b248c978f772b9fbb270068fff6f8326e804527256e7bef474645b1cc6d4
- SHA512
  
  34900a5aac57f6e6dcee02f89cc677204c7dad89228a8d61125c484a3d4dbdaf6e82c118ca350fc8423e29dc4a7a501e337083af8ef3c991847390dcf8ae76cb
- SSDEEP
  
  6144:yJNvOYo8M+3epvFJF0E1BwUMQa5hwigeXKCvaRD6+rRiLEmUxkRpVUyKv9m6l:a2N8ORBwXlhngSKCyRD6+rU2xkRu9m6l
Score

8^/10

evasion persistence upx
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2