General

  • Target

    54927f798c6bca5a8adc82f5cc9cc6968035b04d4cf9f99b6ef60913d0bd37c4

  • Size

    1.4MB

  • Sample

    221029-n3zmjafdfk

  • MD5

    eba851d15cf4079eb72134dfdbb1d40a

  • SHA1

    5fd177ffa28a0d0f4077ffedf13da36aa3a146e8

  • SHA256

    54927f798c6bca5a8adc82f5cc9cc6968035b04d4cf9f99b6ef60913d0bd37c4

  • SHA512

    456945282c6f64658345e422e34d498de8ee50787ecaaaf87d8e0bfe967a94edf7dd5f37da4990a4c2a38bd250a9bd50fe8cb678f213fb82137e4f5f98f0473f

  • SSDEEP

    24576:GerQZb+md4wmAWerQZb+md4wmAGerQZb+md4wm0Z:GerQZbd27erQZbd2verQZbd2s

Score
10/10

Malware Config

Targets

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks