c02635eb5ef492bdf4a81ecedbee5a0e4eed480c56b61c9ab9c357b971478a14

General

Target

c02635eb5ef492bdf4a81ecedbee5a0e4eed480c56b61c9ab9c357b971478a14
Size

375KB
Sample

221106-jd4sqsaag6
MD5

18ba2e9748efb84d3a62340811c2ac4c
SHA1

30c9882f14cde6af9c485559a857fb27bf7382d8
SHA256

c02635eb5ef492bdf4a81ecedbee5a0e4eed480c56b61c9ab9c357b971478a14
SHA512

ea466fee934c244263f4dd18834352e7e79bb9cc8950ea1f518757be687c45f517a4ae9aa16ef8ca0066998d99da0e764865eca6ab75d6356730847186f261df
SSDEEP

6144:SqgHRS/iPfPtRNOqqaP5FwRW0DHY96A7cz3lyhNTmBvI4QwU9O4MfWqXOwiG+:SqgHRDtKqqaP56RPDLBrlyDuX9Q

Score

8^/10

Malware Config

Targets

- Target
  
  c02635eb5ef492bdf4a81ecedbee5a0e4eed480c56b61c9ab9c357b971478a14
- Size
  
  375KB
- MD5
  
  18ba2e9748efb84d3a62340811c2ac4c
- SHA1
  
  30c9882f14cde6af9c485559a857fb27bf7382d8
- SHA256
  
  c02635eb5ef492bdf4a81ecedbee5a0e4eed480c56b61c9ab9c357b971478a14
- SHA512
  
  ea466fee934c244263f4dd18834352e7e79bb9cc8950ea1f518757be687c45f517a4ae9aa16ef8ca0066998d99da0e764865eca6ab75d6356730847186f261df
- SSDEEP
  
  6144:SqgHRS/iPfPtRNOqqaP5FwRW0DHY96A7cz3lyhNTmBvI4QwU9O4MfWqXOwiG+:SqgHRDtKqqaP56RPDLBrlyDuX9Q
Score

8^/10

discovery evasion persistence trojan upx
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds policy Run key to start application

Executes dropped EXE

UPX packed file

Checks BIOS information in registry

Deletes itself

Loads dropped DLL

Checks installed software on the system

Checks whether UAC is enabled

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2