Overview

overview

10

Static

static

8

4231692126...ee.exe

windows7-x64

10

4231692126...ee.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4231692126fdaa6a1f781b691c8da0cb8f9d01d5cf8bcb5bbcdc3505699366ee

  • Size

    255KB

  • Sample

    221029-e7a1asbdc6

  • MD5

    a0513a67bed9b118bbbed545e1b6e728

  • SHA1

    fd74494d754d92408f80b2316ea5bb8b71af1525

  • SHA256

    4231692126fdaa6a1f781b691c8da0cb8f9d01d5cf8bcb5bbcdc3505699366ee

  • SHA512

    10b40d304eb61729f0849593a45fd44db1eb489a93f6479c6b7ede5e5ffa0e91f2400ec3a566108f51c4ba0304316d5029465e55fc88be5d6be2f7fb35dde394

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJ6:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIb

Score
10/10
evasionpersistencespywarestealertrojanupx

Malware Config

Targets

    • Target

      4231692126fdaa6a1f781b691c8da0cb8f9d01d5cf8bcb5bbcdc3505699366ee

    • Size

      255KB

    • MD5

      a0513a67bed9b118bbbed545e1b6e728

    • SHA1

      fd74494d754d92408f80b2316ea5bb8b71af1525

    • SHA256

      4231692126fdaa6a1f781b691c8da0cb8f9d01d5cf8bcb5bbcdc3505699366ee

    • SHA512

      10b40d304eb61729f0849593a45fd44db1eb489a93f6479c6b7ede5e5ffa0e91f2400ec3a566108f51c4ba0304316d5029465e55fc88be5d6be2f7fb35dde394

    • SSDEEP

      3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJ6:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIb

    Score
    10/10
    evasionpersistencetrojanupxspywarestealer

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks