bc8c447cfe3c35e4e12ce2cb9ec3d8125df1d1ead41ee74b1c00e37838a83a58 | Triage

Submit
Reports

Overview

overview

9

Static

static

Stefan Boa...nd.exe

windows7-x64

9

Stefan Boa...nd.exe

windows10-2004-x64

8

Sharing

General

Target

bc8c447cfe3c35e4e12ce2cb9ec3d8125df1d1ead41ee74b1c00e37838a83a58
Size

108KB
Sample

221029-tcahlsdbb9
MD5

41f92dd9f24dcf89c47d3bcf7ae08b52
SHA1

a731ac9aa1db0ae9505f017df57b3669ef667246
SHA256

bc8c447cfe3c35e4e12ce2cb9ec3d8125df1d1ead41ee74b1c00e37838a83a58
SHA512

865c01672d48b579e9851e4303f0c8564f9e59fe51ffb7252aee089ff29acc78c66c342854c82d1aa4eb97c7765195472d41ce859d7f6b2c176aa7d76800c60d
SSDEEP

1536:kVmfaqf7zjrhAc4nu/greNUMoewRBfefI3N3kOF7yhduMacoz5lB:kgff7acdIRgwjeg1/XJzB

Score

9^/10

evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

Stefan Boas 02.05.2014 Center GmbH Video-on-Demand.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Stefan Boas 02.05.2014 Center GmbH Video-on-Demand.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  Stefan Boas 02.05.2014 Center GmbH Video-on-Demand.com
- Size
  
  108KB
- MD5
  
  f745e3ebd4bd2b8f014a92428ea9efb1
- SHA1
  
  ae17fefd3c22ac6314123b0735e8f71fe314d98d
- SHA256
  
  bcac6d2aa8036be33cef0927b193a4aa0c2928790a5f78df9dd6319f02f748f9
- SHA512
  
  6252a6185e0dbbe7a334ad5f4ae889ebb19e7dcefe489549765436cad8121ef0056cfa27a6c336687d79632f38eaa97f86f57c466059fba002984b8ab2cc2aab
- SSDEEP
  
  1536:/Vmfaqf7zjrhAc4nu/greNUMoewRBfefI3N3kOF7yhduMacoz5lD:/gff7acdIRgwjeg1/XJzD
Score

9^/10

evasion persistence upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

© 2018-2024

Terms | Privacy