Overview

overview

8

Static

static

4399ad5229...d8.exe

windows7-x64

8

4399ad5229...d8.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4399ad52298bbbcb1d36a2c3f4eea6d059ab87002e51540e768e178e6fac58d8

  • Size

    160KB

  • Sample

    221001-3p5nysccc7

  • MD5

    6ad94d836d6f368cc410228b531c8275

  • SHA1

    2cfd35d5078c3b01bad8f764388d9085df80f033

  • SHA256

    4399ad52298bbbcb1d36a2c3f4eea6d059ab87002e51540e768e178e6fac58d8

  • SHA512

    b3f012a9f518bbea4a3911abe0e55a5f60477df3b4b329c1a8825c4b0f903d43c36977d77ea414a0f04cf1a45f6a9164629cbc98aa65f9be27c930cced09268c

  • SSDEEP

    1536:3+gDbKlmyJKz5jR7766dxocisPfDsCUjhe+SPBp9oEoTTLgY++++1sY+++++ZDdM:3xbkuVbvLn7Uj3

Score
8/10
evasionpersistencetrojanupx

Malware Config

Targets

    • Target

      4399ad52298bbbcb1d36a2c3f4eea6d059ab87002e51540e768e178e6fac58d8

    • Size

      160KB

    • MD5

      6ad94d836d6f368cc410228b531c8275

    • SHA1

      2cfd35d5078c3b01bad8f764388d9085df80f033

    • SHA256

      4399ad52298bbbcb1d36a2c3f4eea6d059ab87002e51540e768e178e6fac58d8

    • SHA512

      b3f012a9f518bbea4a3911abe0e55a5f60477df3b4b329c1a8825c4b0f903d43c36977d77ea414a0f04cf1a45f6a9164629cbc98aa65f9be27c930cced09268c

    • SSDEEP

      1536:3+gDbKlmyJKz5jR7766dxocisPfDsCUjhe+SPBp9oEoTTLgY++++1sY+++++ZDdM:3xbkuVbvLn7Uj3

    Score
    8/10
    evasionpersistencetrojanupx

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks