656996488336a52e1d9dec40f6ad9d1ea0bf4ed12e3ac76092efb5d3a47aba3d

General

Target

656996488336a52e1d9dec40f6ad9d1ea0bf4ed12e3ac76092efb5d3a47aba3d
Size

944KB
Sample

221030-p4q78abde9
MD5

939ec9459afcced9dd1c8009595ecb30
SHA1

f63e9c4916c143e9ecc32e8a0da99df56b96dd25
SHA256

656996488336a52e1d9dec40f6ad9d1ea0bf4ed12e3ac76092efb5d3a47aba3d
SHA512

2702aa1a06d2bb69dd7a676be7754d8cb20ba85fb1dd071bd9e049a27576d435d0ab6556aef309d89d0dc1164587e42516868d842d08391ba4ded0005cd42959
SSDEEP

1536:Wdpv71FU2dNNsP64wu5WxUYVUax5HNIo7ltnH/lGMvIncJrIk2HVv023tcOj2Xv:ATr+rwKQevo7ltjacJcNHtF3tRjk

Score

8^/10

Malware Config

Targets

- Target
  
  656996488336a52e1d9dec40f6ad9d1ea0bf4ed12e3ac76092efb5d3a47aba3d
- Size
  
  944KB
- MD5
  
  939ec9459afcced9dd1c8009595ecb30
- SHA1
  
  f63e9c4916c143e9ecc32e8a0da99df56b96dd25
- SHA256
  
  656996488336a52e1d9dec40f6ad9d1ea0bf4ed12e3ac76092efb5d3a47aba3d
- SHA512
  
  2702aa1a06d2bb69dd7a676be7754d8cb20ba85fb1dd071bd9e049a27576d435d0ab6556aef309d89d0dc1164587e42516868d842d08391ba4ded0005cd42959
- SSDEEP
  
  1536:Wdpv71FU2dNNsP64wu5WxUYVUax5HNIo7ltnH/lGMvIncJrIk2HVv023tcOj2Xv:ATr+rwKQevo7ltjacJcNHtF3tRjk
Score

8^/10

discovery evasion persistence trojan upx
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds policy Run key to start application

Executes dropped EXE

UPX packed file

Checks BIOS information in registry

Deletes itself

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2