Resubmissions

  • 23-09-2022 03:44  220923-eaf52sghgp  8
  • 21-09-2022 16:46  220921-t92y5agga2  8

General

  • Target

    Chew7.iso

  • Size

    1.7MB

  • Sample

    220921-t92y5agga2

  • MD5

    d7de5626221ee901d81c9b806d433cdf

  • SHA1

    ed958d332580603f6cba3f9f2b78c428f870235e

  • SHA256

    2d10cd1527d82331bcf273069f3f1cee83baf50f17267c51689793d3e4639b72

  • SHA512

    9d2faf61d649319762f9139b098d80a7f9bedc9d188528ea463dc8d2d5dfd223228362f462f07618bc25089fafd6b3df59369182bc27bdd244d08ee9f5dfd3ad

  • SSDEEP

    49152:oA3alq/Auj1YD/tmtPIr1PrYD/tmtPIr1Pu:oaY0tgrVY0tgr


Targets

    • Target

      Chew7.exe

    • Size

      1.6MB

    • MD5

      7e91139648b5a14b483486c053d5f4d0

    • SHA1

      78ec7fcb573d3ebb9b5110f9319380cc4b510b12

    • SHA256

      f747a7679964d088e75fa60241238669104107280feacf29cd0041f1f82e16b7

    • SHA512

      50f9e0346c2dbb5c4f945cd1e88ca3bace3439e54c378ffd475dbc692617d535fa3bed8c2b52436303cb46ca3db49173849fbfadb1a693aea0a87b523de3948d

    • SSDEEP

      49152:jA3alq/Auj1YD/tmtPIr1PrYD/tmtPIr1Pu:jaY0tgrVY0tgr

    • Executes dropped EXE

    • Possible privilege escalation attempt

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer.

    • Modifies file permissions

    • Adds Run key to start application

    • Drops file in System32 directory
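The report pairs an ISO container (Chew7.iso, 1.7MB) with the executable it carries (Chew7.exe, 1.6MB, flagged as UPX-packed); the two SSDEEP values differ only in their first block, which is what a thin container around a single payload looks like. The script below is an added example, not code from the report or the sandbox vendor: it walks the root directory of an ISO 9660 image with the standard library only, hashes every file it finds, and flags PE payloads whose section table carries UPX section names. The ISO image and the PE stub it wraps are constructed inline (the file name CHEW7.EXE inside it is chosen to match the report; the byte content is invented test data), so it runs offline.

```python
"""Added example, not code from the sandbox report or its vendor: walk the
root directory of an ISO 9660 image, hash each file, and flag PE payloads
whose section table carries UPX section names. Standard library only; the
sample image is constructed inline so the script runs offline."""
import hashlib
import struct

SECTOR = 2048  # ISO 9660 logical block size


def _dir_record(buf, off):
    """Decode one ISO 9660 directory record at buf[off] (ECMA-119 9.1)."""
    length = buf[off]
    if length == 0:                      # padding: no record in this sector
        return None
    extent = struct.unpack_from("<I", buf, off + 2)[0]   # LBA of the data
    size = struct.unpack_from("<I", buf, off + 10)[0]    # data length
    flags = buf[off + 25]                                # bit 1: directory
    name_len = buf[off + 32]
    name = buf[off + 33:off + 33 + name_len].decode("ascii", "replace")
    return length, extent, size, flags, name


def iso_root_files(image):
    """Yield (name, size, data) for each plain file in the ISO root directory."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if pvd[:7] != b"\x01CD001\x01":
        raise ValueError("no primary volume descriptor at sector 16")
    _, root_lba, root_size, _, _ = _dir_record(pvd, 156)  # root dir record
    root = image[root_lba * SECTOR:root_lba * SECTOR + root_size]
    off = 0
    while off < len(root):
        rec = _dir_record(root, off)
        if rec is None:                  # skip to the next sector boundary
            off = (off // SECTOR + 1) * SECTOR
            continue
        length, extent, size, flags, name = rec
        off += length
        if flags & 2:                    # directories, including . and ..
            continue
        name = name.split(";")[0]        # drop the ";1" version suffix
        yield name, size, image[extent * SECTOR:extent * SECTOR + size]


def pe_section_names(data):
    """Section names from a PE image, or [] if data is not a PE file."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        return []
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
        return []
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    table = pe + 24 + opt_size           # section table follows the optional header
    return [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
            for i in range(nsec)]


def is_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1/UPX2; modified builds often rename them."""
    return any(n.startswith("UPX") for n in pe_section_names(data))


def triage_iso(image):
    """Per-file name, size, SHA-256 and UPX flag for an ISO image."""
    return [{"name": n, "size": s, "sha256": hashlib.sha256(d).hexdigest(),
             "upx": is_upx_packed(d)} for n, s, d in iso_root_files(image)]


# --- constructed test data below: a tiny ISO wrapping a fake PE stub ---
def _record(name, lba, size, flags=0):
    """Build a directory record; both-endian fields per ECMA-119."""
    nb = name.encode("ascii")
    body = (b"\0" + struct.pack("<I", lba) + struct.pack(">I", lba)
            + struct.pack("<I", size) + struct.pack(">I", size)
            + bytes(7) + bytes([flags, 0, 0]) + b"\x01\x00\x00\x01"
            + bytes([len(nb)]) + nb)
    if len(body) % 2 == 0:               # record length must be even
        body += b"\0"
    return bytes([len(body) + 1]) + body


def _fake_upx_pe():
    """MZ/PE header with two UPX-named sections; not a runnable executable."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
    return dos + coff + b"UPX0".ljust(8, b"\0") + bytes(32) + b"UPX1".ljust(8, b"\0") + bytes(32)


def build_sample_iso():
    """One-file ISO: PVD at sector 16, root directory at 18, payload at 19."""
    payload, root_lba, file_lba = _fake_upx_pe(), 18, 19
    root = (_record("\0", root_lba, SECTOR, 2) + _record("\x01", root_lba, SECTOR, 2)
            + _record("CHEW7.EXE;1", file_lba, len(payload)))
    img = bytearray(20 * SECTOR)
    img[16 * SECTOR:16 * SECTOR + 7] = b"\x01CD001\x01"
    img[16 * SECTOR + 156:16 * SECTOR + 190] = _record("\0", root_lba, SECTOR, 2)
    img[root_lba * SECTOR:root_lba * SECTOR + len(root)] = root
    img[file_lba * SECTOR:file_lba * SECTOR + len(payload)] = payload
    return bytes(img)


if __name__ == "__main__":
    for entry in triage_iso(build_sample_iso()):
        print(entry)
```

On a real sample, pass the bytes of the ISO to `triage_iso` and compare the SHA-256 of each extracted file against the target hashes in the report before pivoting on them; the UPX check only recognises the stock section names, so a packer that renames sections (the "modified UPX" case the signature mentions) needs an entropy or unpacker check instead.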

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                            Count  ID
  Execution             Scheduled Task                       1      T1053
  Persistence           Registry Run Keys / Startup Folder   1      T1060
  Persistence           Scheduled Task                       1      T1053
  Privilege Escalation  Scheduled Task                       1      T1053
  Defense Evasion       File Permissions Modification        1      T1222
  Defense Evasion       Modify Registry                      2      T1112
  Discovery             System Information Discovery         1      T1082
  Discovery             Process Discovery                    1      T1057

  The IDs are ATT&CK v6. In current versions T1060 is retired in favour of T1547.001, and the Scheduled Task and File Permissions Modification matches correspond to the sub-techniques T1053.005 and T1222.001.
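The signatures and the matrix above are the sandbox's interpretation of raw process, file and registry events. The script below is an added example, not code from the report or the sandbox vendor: it replays a short sequence of sandbox-style events and maps them onto the behaviour names and ATT&CK v6 technique IDs the report lists. The event shape (type, image, path, key, cmdline) and the dropped-file path are assumptions made here, not a vendor schema or a detail of this sample, and the events are constructed to exercise every rule, including the stateful one: "Executes dropped EXE" only fires when a process starts from a path that an earlier file write in the same run created.

```python
"""Added example, not code from the sandbox report or its vendor: replay
sandbox-style process, file and registry events and map them onto the
behaviour signatures and ATT&CK v6 technique IDs the report lists. The
event shape (type/image/path/key/cmdline) is an assumption made here, not
a vendor schema, and the events themselves are constructed."""
import re

SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
PERM_TOOLS = re.compile(r"\b(icacls|cacls|takeown|attrib)(\.exe)?\b", re.I)
SCHTASKS = re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.I)
DISCOVERY = {"tasklist": "T1057", "systeminfo": "T1082"}   # Process / System Information Discovery


def detect(events):
    """Return (signatures, technique IDs), both sorted, for an ordered event list.

    'Executes dropped EXE' needs state: a process_create whose image is a
    path that some earlier file_write in this run created.
    """
    dropped, sigs, techniques = set(), set(), set()
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
            if SYSTEM32.match(ev["path"]):
                sigs.add("Drops file in System32 directory")
        elif kind == "registry_set":
            techniques.add("T1112")                  # Modify Registry
            if RUN_KEY.search(ev["key"]):
                sigs.add("Adds Run key to start application")
                techniques.add("T1060")              # Registry Run Keys / Startup Folder
        elif kind == "process_create":
            image, cmd = ev["image"], ev["cmdline"]
            if image.lower() in dropped:
                sigs.add("Executes dropped EXE")
            if PERM_TOOLS.search(cmd):
                sigs.add("Modifies file permissions")
                techniques.add("T1222")              # File Permissions Modification
            if SCHTASKS.search(cmd):
                sigs.add("Scheduled Task")
                techniques.add("T1053")
            tool = image.rsplit("\\", 1)[-1].lower()
            tool = tool[:-4] if tool.endswith(".exe") else tool
            if tool in DISCOVERY:
                techniques.add(DISCOVERY[tool])
    return sorted(sigs), sorted(techniques)


SAMPLE_EVENTS = [  # constructed, in the order a sandbox would record them
    {"type": "file_write", "image": "C:\\Users\\user\\Chew7.exe",
     "path": "C:\\Windows\\System32\\dropped_payload.exe"},
    {"type": "process_create", "image": "C:\\Windows\\System32\\icacls.exe",
     "cmdline": 'icacls "C:\\Windows\\System32\\dropped_payload.exe" /grant Everyone:F'},
    {"type": "registry_set",
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "value": "C:\\Windows\\System32\\dropped_payload.exe"},
    {"type": "process_create", "image": "C:\\Windows\\System32\\dropped_payload.exe",
     "cmdline": "dropped_payload.exe"},
    {"type": "process_create", "image": "C:\\Windows\\System32\\schtasks.exe",
     "cmdline": "schtasks /create /tn Updater /tr C:\\Windows\\System32\\dropped_payload.exe /sc onlogon"},
    {"type": "process_create", "image": "C:\\Windows\\System32\\systeminfo.exe",
     "cmdline": "systeminfo"},
]

if __name__ == "__main__":
    sigs, techs = detect(SAMPLE_EVENTS)
    print("signatures:", sigs)
    print("techniques:", techs)
```

The rules are deliberately narrow (a Run key write, a System32 drop, an ACL tool on the command line, `schtasks /create`), which is also their weakness: an ACL change made through the API rather than icacls.exe, or a task registered via COM, leaves no matching command line, so in production these string rules sit alongside registry and ETW-based telemetry rather than replacing it.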