e036b18e95697132235622eb0d29f30257cc783105ce8e0e13ebe2204a106c66 | Triage

Sharing

General

Target

e036b18e95697132235622eb0d29f30257cc783105ce8e0e13ebe2204a106c66
Size

121KB
Sample

221107-lzweladbdl
MD5

0d651f176a0f1b2659a0f6f578ceb1f1
SHA1

198b746ca2c0272e03717c52fe089716313ae62c
SHA256

e036b18e95697132235622eb0d29f30257cc783105ce8e0e13ebe2204a106c66
SHA512

171f6d8c2fce3cdd4b59de425266e9770e0a248d9f7a39d201e341b86d02b6dcca20ba685450be3e3a45f67e5e1a300ed414166cbeadd189b545b630ce5cd44e
SSDEEP

3072:0tJ6Ypo3U3zGNCgDvKz1jYjfiS4dTCGv:m83iaCgDymP6Cc

Score

8^/10

persistence upx

Malware Config

Targets

- Target
  
  e036b18e95697132235622eb0d29f30257cc783105ce8e0e13ebe2204a106c66
- Size
  
  121KB
- MD5
  
  0d651f176a0f1b2659a0f6f578ceb1f1
- SHA1
  
  198b746ca2c0272e03717c52fe089716313ae62c
- SHA256
  
  e036b18e95697132235622eb0d29f30257cc783105ce8e0e13ebe2204a106c66
- SHA512
  
  171f6d8c2fce3cdd4b59de425266e9770e0a248d9f7a39d201e341b86d02b6dcca20ba685450be3e3a45f67e5e1a300ed414166cbeadd189b545b630ce5cd44e
- SSDEEP
  
  3072:0tJ6Ypo3U3zGNCgDvKz1jYjfiS4dTCGv:m83iaCgDymP6Cc
Score

8^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2