Resubmissions

08-10-2022 00:17

221008-alen5seafl 10

07-10-2022 06:08

221007-gv6mjsbhhn 10

General

  • Target

    PKSJ Malware.zip

  • Size

    13.0MB

  • Sample

    221007-gv6mjsbhhn

  • MD5

    f364e0c7d99f303101114aa5affa3312

  • SHA1

    1663193c0b5fd858307a7d8ae5be9c823d7244e9

  • SHA256

    3a0f0986193d0dc5e03ca1229e2509287593c03247e32bb5424009bc35e80738

  • SHA512

    7b7b82a2a9ba7eb180893e59f8ca251bc15b7dfb1096a513cb8f75b710e5bf12d8d3552e5ad4e24df067ed898f74a051bc8389f0855712b645ae98f967c2d691

  • SSDEEP

    393216:jBMytqydJ/P6ucYTPZN91ZwBxF+CFa93lgf1:jaDyf/PFN91ZuIW9

Malware Config

Extracted

Family

cobaltstrike

Botnet

0

C2

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes
  • access_type

    512

  • beacon_type

    256

  • create_remote_thread

    768

  • crypto_scheme

    256

  • host

    ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

  • http_header1

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • http_header2

    AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==

  • http_method1

    GET

  • http_method2

    POST

  • maxdns

    255

  • pipe_name

    \\%s\pipe\msagent_%x

  • polling_time

    5000

  • port_number

    443

  • sc_process32

    %windir%\syswow64\rundll32.exe

  • sc_process64

    %windir%\sysnative\rundll32.exe

  • state_machine

    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • unknown1

    4096

  • unknown2

    AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

  • uri

    /N4215/adj/amzn.us.sr.aps

  • user_agent

    Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

  • watermark

    0

Extracted

Family

trickbot

Version

1000501

Botnet

ono33

C2

5.182.210.226:443

5.182.210.120:443

185.65.202.183:443

212.80.217.243:443

85.143.218.249:443

194.5.250.178:443

198.15.119.121:443

107.175.87.142:443

185.14.31.72:443

188.165.62.2:443

194.5.250.179:443

198.15.119.71:443

185.14.29.4:443

185.99.2.202:443

192.3.193.162:443

89.191.234.89:443

195.54.32.12:443

31.131.21.30:443

5.34.177.194:443

190.214.13.2:449

Attributes
  • autorun

    Name:pwgrab

  • ecc_pubkey.base64

Extracted

Language
xlm4.0
Source

Extracted

Language
xlm4.0
Source

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://diwafashions.com/wp-admin/mqau6/

exe.dropper

http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/

exe.dropper

http://dixartcontractors.com/cgi-bin/nnuv/

exe.dropper

http://diaspotv.info/wordpress/G/

exe.dropper

http://easyvisaoverseas.com/cgi-bin/v/

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://sandiegohomevalues.com/engl/4de-kzsyhu-768611/

exe.dropper

https://www.wenkawang.com/data/bofze0s-7ji4-15/

exe.dropper

https://www.bruidsfotograaf-utrecht.com/wp-includes/QLvFLy/

exe.dropper

http://ma.jopedu.com/img/8z8dl-3xn-655019278/

exe.dropper

http://pay.jopedu.com/ThinkPHP/l9okcguh6-b9nnrh7-96245524/

Extracted

Family

guloader

C2

https://eficadgdl.com/well/Omitted-Credentials_encrypted_6A17930.bin

xor.base64

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://www.prorites.com/wp-content/dsdb28de-kw0ch1msvi-003/

exe.dropper

https://www.silvesterinmailand.com/wp-content/uploads/ibvgux-yg4-03475/

exe.dropper

http://homemyland.net/tmp/wUHdeBS/

exe.dropper

https://www.celbra.com.br/old/wp-content/uploads/2019/mbwl6-lwu0psmcb-523/

exe.dropper

http://prihlaska.sagitta.cz/wp-content/uploads/WwcQXtRta/

Targets

    • Target

      PKSJ Malware/1/VirusShare_0a2d1ecedf3f79754aa2c18d62e75287

    • Size

      5.7MB

    • MD5

      0a2d1ecedf3f79754aa2c18d62e75287

    • SHA1

      4dc6c7ad46c152ee6ebf26488fd5136dd9acfa4f

    • SHA256

      e800fce6aadc7792b912abbb693aafe0905a5ab52bc92de9e2a50089de312be9

    • SHA512

      00be04178ca0451634ce16e6b5348b768e0bc017dc8b5c6fd9fef1a7110a305b0fa6f240ca486e76f8b13c5e6aae6a416229c63750fb5a98230fd740423fee4f

    • SSDEEP

      98304:hemTLkNdfE0pZaN56utgpPFotBER/mQ32lUW:w+156utgpPF8u/7W

    Score
    3/10
    • Target

      PKSJ Malware/1/VirusShare_0aee78510c46e3a200b6bc21ac1c954d

    • Size

      633KB

    • MD5

      0aee78510c46e3a200b6bc21ac1c954d

    • SHA1

      aa82dabf571edf16022381f9795376370d4ded7c

    • SHA256

      c7d63abc749b1f4e245bd377c11ca5857735491eddab5c176ae99a3b7bf9e0ca

    • SHA512

      ff963b0d7f3b90c5d261c101d44c6b8d595cd809ae9e8378fc85d0442d2322a6cc3899a9ec4d2d6e662de32879120a5ba07bb883a20cd2003618aa69f2806117

    • SSDEEP

      12288:Px/w9Fmh+HWMxs+KuwetXwuV9W0P5qUKbxqkSnY:PNAckHWCsZulAeRP5VKtqk4Y

    Score
    8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      PKSJ Malware/1/VirusShare_0fea640a7da27f365b3675f73626b9c9

    • Size

      937KB

    • MD5

      0fea640a7da27f365b3675f73626b9c9

    • SHA1

      fd4825f244e9c145486cb6930ad05695b9972668

    • SHA256

      64af94592f6707505fa6f42b58776c3635706a414e6362a92f707df84627679c

    • SHA512

      c9a10288762f3f5a3fdff17f8dd8560e7a884f1b83f405c2e85c6c86e42f69a30841c13aa0f2ecfc55aed42995d7aeb8fe40415e423ed0a306d2e7d00883dfbf

    • SSDEEP

      24576:h3zS0aqbCrxgFhFSQVB5DjDLG6/8otVBTN9s:K9Fo5VLDLGwTBT

    Score
    10/10
    • TA505

      Cybercrime group active since 2015, responsible for families like Dridex and Locky.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Target

      PKSJ Malware/1/VirusShare_1ba8249d8503c0cf7bc125588c43bef9

    • Size

      182KB

    • MD5

      1ba8249d8503c0cf7bc125588c43bef9

    • SHA1

      eb473c845c7474010ff35a3e8a169a9b6b9e5ebe

    • SHA256

      a44031feb2a71980a0980377c8f7b6f3b5b9dfa0f708556dd420be323c7e1a38

    • SHA512

      b5421ca474e8ccd30683b90a83e98c6ba74c8418201aaa923ba6c7805ef724b37dfabb74cfedccbb69e3fcf923635f64faa406f280057404f78957df3d840c8c

    • SSDEEP

      3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBU9asiv8Oc7V:9NO2k4PF7tGiL3HJk9rD7b9asiv8dZ

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    • Target

      PKSJ Malware/1/VirusShare_3cd9a967b67fe69351e390195ca7a430

    • Size

      32KB

    • MD5

      3cd9a967b67fe69351e390195ca7a430

    • SHA1

      4e7f309d283182d76377ad02616a6a5933cac649

    • SHA256

      e96e3b90d9483a2e463fdda0edf27310ed10fbdb8a8b920c6480ca93bb2e1077

    • SHA512

      ffe9ffe8555ef0b914bdcaea5b50eb501c4b0d03726ab6f2baa0e5cf6875d9b0ac735679dbd03810d3f03905402f382bf32e3227bd2a11c0eef173082cb02273

    • SSDEEP

      768:XDNivfrO+Av3qpOCy71ShZ2/p1oaVBV2iKL2GmqBmmSE5fXuMZmwgCLWar8v:XB6zrAv3qpOCy71ShZ2R1osBV2iKL25p

    Score
    1/10
    • Target

      PKSJ Malware/2/VirusShare_01b55404de50bd1a56343b2f316ff88d

    • Size

      121KB

    • MD5

      01b55404de50bd1a56343b2f316ff88d

    • SHA1

      8a6b9599d3e71c83eaef7f5a23df21b4f41370b1

    • SHA256

      69bd652ace6469311a49a12f66bbbc691bdfc69aba958dd02d928464cbb46609

    • SHA512

      f1ec4bf6768dea2edc53c72dd7c884641a464f4268d21480bb55fbdb1079b8c5c9fb50eab4b29d13acb4a8682ca6ae291341e01b748e228b185676e48df2e598

    • SSDEEP

      3072:JrhJGtDfYtWAh3A8lKl+/63VBwxkbwQXz8lFTnc:JrhJoDfY13KE/qVlNYvnc

    Score
    1/10
    • Target

      PKSJ Malware/2/VirusShare_1ad9a67240d5775395c45b64dd6529fa

    • Size

      2.9MB

    • MD5

      1ad9a67240d5775395c45b64dd6529fa

    • SHA1

      c653d2c475f639ad68c210e0f9d829344c5663c7

    • SHA256

      3751298058a2a5d0912caa35bfdbafa48ae788647b536e69ad383c7c1990dd9d

    • SHA512

      721b1c577db1cfe5465eaceadf2a7cc9d3f68d341f98d7dcc4bde2ff606f359b6bc917e993f5f05e9897b7957ca2617fa03937c2aea6a8462b86f2e750397c23

    • SSDEEP

      49152:4obi85jFGg0IZHVA/pfa8u0Ikjhd6kss8CYxB52ibDIJZKpYg0Kg9e+KgFTRFO:Vzh6/I8u0IktgkOvxBUibs2Z0ggFdE

    Score
    3/10
    • Target

      PKSJ Malware/2/VirusShare_2fe5b00079aec2d8369a798230313ec8

    • Size

      125KB

    • MD5

      2fe5b00079aec2d8369a798230313ec8

    • SHA1

      e233595a2ee62f6197fcc7d9088fce3505c38ec0

    • SHA256

      8eb6805a0852b220695175ce81a5b139f1438dc06ea3fc1347b047702880374c

    • SHA512

      d9b4173274b49d7f041aea1a6866d5cc79530360668299385a10f25597b608308a5cb6502363709a7e09e43d30a1df95e1ab72fcc71852c78b51da016c2bbed7

    • SSDEEP

      3072:beKgdzSrG8KyIwLx3phgC1s0rPOWfKNR/:beKUzSLnLx3X3O0r2WfKNJ

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    • Target

      PKSJ Malware/2/VirusShare_3f0b1eed4b7b9ae05fab4d949843f103

    • Size

      35KB

    • MD5

      3f0b1eed4b7b9ae05fab4d949843f103

    • SHA1

      e5b9fa0a23f337adae93ed4e8fcd1e9d9db4acba

    • SHA256

      ce21d34bafe338effb8f619936f057084cb45743fce884a1465966d8523a00a8

    • SHA512

      292183a9d0b3e5759453a43bcf34b8b1d09d09523687bfab090dd740a5c70169938904949b1c5a025b40082898dc3ec240ad2ec788b66f256efe5a041f774740

    • SSDEEP

      384:3+WbqwPv/ETzbVwNY/+TU5lHizK+BS3DzxW8M2GzraAzVCIXh3aM:OWbqm/EvZwO2TUrEQDtI2G31lX5

    Score
    1/10
    • Target

      PKSJ Malware/2/VirusShare_480ef02bb062a57724e1b3e14532a140

    • Size

      32KB

    • MD5

      480ef02bb062a57724e1b3e14532a140

    • SHA1

      5ea2c3fdeb0b399e1805a94d8e6af4ce0de2c63e

    • SHA256

      b2e302356d613a814a41d356a61cee24fc133dd032e4b02d8e29436aedd8d742

    • SHA512

      82587a541bdc570b15402ef33beb14d9681160dc6e520f0c34b3c040658d17a9ced58feaa350f3a6c56eb7236ceb4bd09ba6ece56d13113780a6fe1a5044a99f

    • SSDEEP

      768:9EKOUP0/RXtY+E1dhX2e1kaVsVri7sF9/I70u5M/E5vXuMZmwgCLWarCC:ROc0JTE1dhX2e1kssVri7sng0u5MyXFh

    Score
    1/10
    • Target

      PKSJ Malware/3/VirusShare_3fb34964fa7b8c6bfad8d960380ff04e

    • Size

      34KB

    • MD5

      3fb34964fa7b8c6bfad8d960380ff04e

    • SHA1

      9a3aec40056ce74bac833989ed71dfb6c2626f4c

    • SHA256

      26026b1b3d0cb660c6be6c536df679acca0b5562a3adbb507d001474d23f5650

    • SHA512

      a82b522dfd7eac30292a9e9ab19ddac94563804e77a1090e5f44de7e794ef4e5ebe0e7fb36e5177479417c8176ae0475613700755ca015c7ce941a4740215faa

    • SSDEEP

      384:bzIPMepSbSsG/CdPvunCpeJzKoSS3D6JO5LfBqtjbjk4Eohubn3ezta:nIPMecWsGKVunFFRDE6pqjhust

    Score
    1/10
    • Target

      PKSJ Malware/3/VirusShare_4675e87be15585e66b0c88b833dd9ecd

    • Size

      32KB

    • MD5

      4675e87be15585e66b0c88b833dd9ecd

    • SHA1

      b2c62b3cdc97ca86df9f06ea78bc4c59439d7a9b

    • SHA256

      77e2bcef8ff0e68646b27591faea3e15b4a09154d0611a5004ec028df5f36256

    • SHA512

      433f88857e55d57f01230dabb3ca5c618311c45e93c82786ab2677a7d2522e91343bcb7f8df02c83abcc9d431e0bd553022b05ab1f7c2c7f05d621f07a7e19a1

    • SSDEEP

      768:YJ7cDLXeFL/i6XV7JCzYLggXw2E0Ua20dZU57DsM1uBsYJyWOOX8ohjaSD2stCQB:0c/XcLF8E5Z

    Score
    1/10
    • Target

      PKSJ Malware/3/VirusShare_4aa5734fe9c86184f931f4ddaf2d4d7b

    • Size

      64KB

    • MD5

      4aa5734fe9c86184f931f4ddaf2d4d7b

    • SHA1

      a066ccad76f3c63d053cd68ac8692d4f4acf82ac

    • SHA256

      2e18ad3e470b97415beb2cdb8e3ef7510bad21f0a5add020a7f9343dd959eeaa

    • SHA512

      7355ffd3fc59af49af1d57f5327c7442a12c8e5ddc6ec9e176cc27fd4986cd6182f5f6ce91f892c07029efcac37f90d4dd077b6bb226b54c40621b94987a044c

    • SSDEEP

      384:rdP9JIA7uJ1wK2xBpHbVbl+NGYD90pSCfZziEKffhaekBfdReVwoGHdRsArr2rOR:R9JIqNl/SSrrpBfiIdRsorZucnjtsq

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

    • Guloader payload

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      PKSJ Malware/3/VirusShare_5c8b670c503455baafbff400a446cf82

    • Size

      208KB

    • MD5

      5c8b670c503455baafbff400a446cf82

    • SHA1

      a3eebbc14b852f77318d9bd09117b1ef56f35ede

    • SHA256

      22564368a2143231eb51f0ecb501d9777060fd9dd832dcc88a799520884da40c

    • SHA512

      6f9bf4e52523c32d980ab29c63e21d29aafd358c7c2cabcca6455685e1a683f96a718efe230d76687b72ce60b24c36c541e720a2d86d490835d481cf93c12d64

    • SSDEEP

      6144:jG3XIHrH91T+dG8tlj+ur37VW7SrBLl2mr/ruei+QE4lIVnAEsnnnnnn:jG3XorH3YGeljtr37s7SrBLrTaei+Qtz

    Score
    3/10
    • Target

      PKSJ Malware/3/VirusShare_6ad036ba93c94d6976e2d93c7a3aec6f

    • Size

      172KB

    • MD5

      6ad036ba93c94d6976e2d93c7a3aec6f

    • SHA1

      cb098f7a0492454a31f3819a1b7ec143c0c507b6

    • SHA256

      4ee0bf78e3b0a06c35fed0f912db6fabbb5fae13f838cd4132634359ad0d24da

    • SHA512

      525d3ccb7078d6c34287307891023a47773cb3ec94d6e5d54a4c2cb4006be5ae3356238e8fe4ce5ff17767b8326af385a2be735dac8dbe78f10c185c665f7a00

    • SSDEEP

      3072:vw2y/GdyrktGDWLS0HZWD5w8K7Nk9pD7IBUaT7jc5Hw:vw2k4jtGiL3HJk9pD7b+jMQ

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory

    • Target

      PKSJ Malware/4/VirusShare_4b8eb7fe75f72c1c5c1f80af9cd165d2

    • Size

      64KB

    • MD5

      4b8eb7fe75f72c1c5c1f80af9cd165d2

    • SHA1

      b227eb90323259f6ff11e0436ba03ebd97706e99

    • SHA256

      55dd85b37566755ea1ffb022030b413d2722120067abd9b298a89a61f4b790c2

    • SHA512

      6a64a0c2d1c9f825aca460c692b96cf40ab511d81ee3d56f52870fe5648d902d6a3ac6c70cc85c4d86bd6b51a1d72373c75635731b2f354f8b541a7727f4e8fd

    • SSDEEP

      1536:LYg6BQIewyy7WxIAGWdw3/WEjMTrP4yyh+A4u7sUjl:t6BQhwAxIbp3XOS

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

11
T1112

Discovery

Query Registry

17
T1012

System Information Discovery

17
T1082

Tasks

static1

miner, 0, upx, macro, macro_on_action, ono33, xmrig, cobaltstrike, trickbot
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
3/10

behavioral3

upx
Score
8/10

behavioral4

upx
Score
8/10

behavioral5

ta505, upx
Score
10/10

behavioral6

ta505
Score
10/10

behavioral7

Score
10/10

behavioral8

Score
10/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
3/10

behavioral15

Score
10/10

behavioral16

Score
10/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

guloader, downloader, guloader, persistence
Score
10/10

behavioral26

guloader, downloader, guloader, persistence
Score
10/10

behavioral27

Score
1/10

behavioral28

Score
3/10

behavioral29

Score
10/10

behavioral30

Score
10/10

behavioral31

Score
1/10

behavioral32

Score
1/10