Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4122524776c195199816a4e57635c7d32f15aa2e9080feb32ae0c2b05446a23

  • Size

    1.3MB

  • Sample

    220925-md65msecg3

  • MD5

    e87958faafc944de105df5d77166543f

  • SHA1

    a6624993a89299038e5cda27b48f77313d02dfd5

  • SHA256

    c4122524776c195199816a4e57635c7d32f15aa2e9080feb32ae0c2b05446a23

  • SHA512

    56b886f4e9dcf9629242b07e46c6619d7f7ed716c9738438c4973f1c951ff5da0be51babb7d6b49f7f1555a4810c3974d9fd6a3d591992d91b9f78f32413836f

  • SSDEEP

    24576:+yIOTaHGeTylZra0y3uZIy+o87vbvLBq97N/3KjLOTR8:N3aHGeu7Py+Bf87TvLA97JsD

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      c4122524776c195199816a4e57635c7d32f15aa2e9080feb32ae0c2b05446a23

    • Size

      1.3MB

    • MD5

      e87958faafc944de105df5d77166543f

    • SHA1

      a6624993a89299038e5cda27b48f77313d02dfd5

    • SHA256

      c4122524776c195199816a4e57635c7d32f15aa2e9080feb32ae0c2b05446a23

    • SHA512

      56b886f4e9dcf9629242b07e46c6619d7f7ed716c9738438c4973f1c951ff5da0be51babb7d6b49f7f1555a4810c3974d9fd6a3d591992d91b9f78f32413836f

    • SSDEEP

      24576:+yIOTaHGeTylZra0y3uZIy+o87vbvLBq97N/3KjLOTR8:N3aHGeu7Py+Bf87TvLA97JsD

    Score
    10/10
    persistenceevasiontrojan

    • Detects Arechclient2 RAT

      Arechclient2.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Process Discovery

1
T1057

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks