c46805d51bfee760e479a708d5b3a0d1e089396103d01f0693c3fc5edbd9760b

General

Target

c46805d51bfee760e479a708d5b3a0d1e089396103d01f0693c3fc5edbd9760b
Size

342KB
Sample

221028-wtevrshga7
MD5

0bf09fb0d1755a016eede7ac78b1d94b
SHA1

1fc39f7cf35a1c17f06b1e5709423b51c3520594
SHA256

c46805d51bfee760e479a708d5b3a0d1e089396103d01f0693c3fc5edbd9760b
SHA512

120d11133bea049fb9e9916a199ef6eadfb828f8f420d068c5a8a3ada16c8faa82abbe344fa1f45a38dae9b25d1369e3fc2a53f1323fc5aea283b885d121577b
SSDEEP

6144:ARqmpp+amNOGokzLyM9tsLAitQo6tzOKkzIt8gKyfjxfR9D2j4yOWYbCyQ:UqmpplpGoGL3etQoMiXM8gxf/Sj4y0Q

Score

10^/10

Malware Config

Targets

- Target
  
  c46805d51bfee760e479a708d5b3a0d1e089396103d01f0693c3fc5edbd9760b
- Size
  
  342KB
- MD5
  
  0bf09fb0d1755a016eede7ac78b1d94b
- SHA1
  
  1fc39f7cf35a1c17f06b1e5709423b51c3520594
- SHA256
  
  c46805d51bfee760e479a708d5b3a0d1e089396103d01f0693c3fc5edbd9760b
- SHA512
  
  120d11133bea049fb9e9916a199ef6eadfb828f8f420d068c5a8a3ada16c8faa82abbe344fa1f45a38dae9b25d1369e3fc2a53f1323fc5aea283b885d121577b
- SSDEEP
  
  6144:ARqmpp+amNOGokzLyM9tsLAitQo6tzOKkzIt8gKyfjxfR9D2j4yOWYbCyQ:UqmpplpGoGL3etQoMiXM8gxf/Sj4y0Q
Score

10^/10

aspackv2 persistence upx
- Modifies WinLogon for persistence
  persistence
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

4

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies WinLogon for persistence

ASPack v2.12-2.42

Adds policy Run key to start application

Executes dropped EXE

Modifies Installed Components in the registry

UPX packed file

Deletes itself

Loads dropped DLL

Unexpected DNS network traffic destination

Modifies WinLogon

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2