4012d913f674ad7a268a6d59184a37f8f6dd27cf945856c744ee7ff4bdd8f2c2 | Triage

Submit
Reports

Overview

overview

Static

static

8

4012d913f6...c2.exe

windows7-x64

4012d913f6...c2.exe

windows10-2004-x64

Sharing

General

Target

4012d913f674ad7a268a6d59184a37f8f6dd27cf945856c744ee7ff4bdd8f2c2
Size

255KB
Sample

221029-fephnabff8
MD5

8456a7277afb59dc548e130d0195eed1
SHA1

3b906d4f6be729d4d3d5728b84a068433f143821
SHA256

4012d913f674ad7a268a6d59184a37f8f6dd27cf945856c744ee7ff4bdd8f2c2
SHA512

e5ed6f7f2b2969f342e4e2ac65bd563fc8ae49bc63131e017bacf65cd6db20368cac469b5b0f60e344ed9109d506fa91ac8c2d78e2bb587e1e8fac14433b6c22
SSDEEP

3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJz:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIk

Score

10^/10

evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4012d913f674ad7a268a6d59184a37f8f6dd27cf945856c744ee7ff4bdd8f2c2.exe

Resource

win7-20220812-en

evasion persistence trojan upx

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

4012d913f674ad7a268a6d59184a37f8f6dd27cf945856c744ee7ff4bdd8f2c2.exe

Resource

win10v2004-20220812-en

evasion persistence trojan upx

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  4012d913f674ad7a268a6d59184a37f8f6dd27cf945856c744ee7ff4bdd8f2c2
- Size
  
  255KB
- MD5
  
  8456a7277afb59dc548e130d0195eed1
- SHA1
  
  3b906d4f6be729d4d3d5728b84a068433f143821
- SHA256
  
  4012d913f674ad7a268a6d59184a37f8f6dd27cf945856c744ee7ff4bdd8f2c2
- SHA512
  
  e5ed6f7f2b2969f342e4e2ac65bd563fc8ae49bc63131e017bacf65cd6db20368cac469b5b0f60e344ed9109d506fa91ac8c2d78e2bb587e1e8fac14433b6c22
- SSDEEP
  
  3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJz:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIk
Score

10^/10

evasion persistence trojan upx
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2024

Terms | Privacy