e72fe93d527e4d3b56c8265fb7f0bd5c8b028850114aeb17723256ec1b7e739d | Triage

Sharing

General

Target

e72fe93d527e4d3b56c8265fb7f0bd5c8b028850114aeb17723256ec1b7e739d
Size

340KB
Sample

221004-bg171sfad4
MD5

08417fcedfa1286f1142d0c577089e03
SHA1

5c2d13fd615ec656cfa98673c08e23501c8de102
SHA256

e72fe93d527e4d3b56c8265fb7f0bd5c8b028850114aeb17723256ec1b7e739d
SHA512

e8ce666126f1a937cdabb848400626490a618300c4444d6c4737b0828334e9f513ca6e05c2cb9c5d0e98b0e4b5a0a04ded4438e72d5df3debf5a935809a551da
SSDEEP

6144:2zzRQ0mQJJBUxVAUpLvaEHKfx+jlC9hIRVE8p1f0AIVDTWRsrBCB3v:+zemJJBSjTaEgIkIAzDVD/Yf

Score

8^/10

evasion persistence upx

Malware Config

Targets

- Target
  
  e72fe93d527e4d3b56c8265fb7f0bd5c8b028850114aeb17723256ec1b7e739d
- Size
  
  340KB
- MD5
  
  08417fcedfa1286f1142d0c577089e03
- SHA1
  
  5c2d13fd615ec656cfa98673c08e23501c8de102
- SHA256
  
  e72fe93d527e4d3b56c8265fb7f0bd5c8b028850114aeb17723256ec1b7e739d
- SHA512
  
  e8ce666126f1a937cdabb848400626490a618300c4444d6c4737b0828334e9f513ca6e05c2cb9c5d0e98b0e4b5a0a04ded4438e72d5df3debf5a935809a551da
- SSDEEP
  
  6144:2zzRQ0mQJJBUxVAUpLvaEHKfx+jlC9hIRVE8p1f0AIVDTWRsrBCB3v:+zemJJBSjTaEgIkIAzDVD/Yf
Score

8^/10

evasion persistence upx
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2