Overview

overview

8

Static

static

a448d3517a...3d.exe

windows7-x64

8

a448d3517a...3d.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    a448d3517a18f7e76d1f3fb3cc3548c0d0e45ce275a26065d1d6676face57c3d

  • Size

    160KB

  • Sample

    221107-tlqk7afca6

  • MD5

    06b1e92cb285460afb3cb7452caa6821

  • SHA1

    e97c76bb84dfeb8dc1d8e4c906816ca6bb4cb1cf

  • SHA256

    a448d3517a18f7e76d1f3fb3cc3548c0d0e45ce275a26065d1d6676face57c3d

  • SHA512

    3772073e7406003ae7639de0d82f20ce6411d23df4d315532e21ed7bc4f9d993aa7e1b1ce43bbdb783972ea4e141bce1d7986b584ef255a439582d8bcbaef293

  • SSDEEP

    1536:3+gDbKlmyJKz5jR7766dxocisPfDsCUjhe+SPBp9oEoTTLgY++++1sY+++++ZDdM:3xbkuVbvLn7Uj3

Score
8/10
evasionpersistencetrojanupx

Malware Config

Targets

    • Target

      a448d3517a18f7e76d1f3fb3cc3548c0d0e45ce275a26065d1d6676face57c3d

    • Size

      160KB

    • MD5

      06b1e92cb285460afb3cb7452caa6821

    • SHA1

      e97c76bb84dfeb8dc1d8e4c906816ca6bb4cb1cf

    • SHA256

      a448d3517a18f7e76d1f3fb3cc3548c0d0e45ce275a26065d1d6676face57c3d

    • SHA512

      3772073e7406003ae7639de0d82f20ce6411d23df4d315532e21ed7bc4f9d993aa7e1b1ce43bbdb783972ea4e141bce1d7986b584ef255a439582d8bcbaef293

    • SSDEEP

      1536:3+gDbKlmyJKz5jR7766dxocisPfDsCUjhe+SPBp9oEoTTLgY++++1sY+++++ZDdM:3xbkuVbvLn7Uj3

    Score
    8/10
    evasionpersistencetrojanupx

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks