d18d65f4eb99ec3b48ec864f032dfdffd92c11dd8bca866c922f6e6d49835277 | Triage

Sharing

General

Target

d18d65f4eb99ec3b48ec864f032dfdffd92c11dd8bca866c922f6e6d49835277
Size

341KB
Sample

221123-lx49qafh8y
MD5

0456f07c2741370554e34bcc84248292
SHA1

c0f8d06fc7e252df5f9f2c21226c48df01e795e7
SHA256

d18d65f4eb99ec3b48ec864f032dfdffd92c11dd8bca866c922f6e6d49835277
SHA512

a9d9b8e3e8484aad9bdede627613ce5d07232b939c9b0a65c2f8a92dffe46e48ff941cd3536579cad0ac8e74410f7ad6adaa68aebe5818bdca735524fa3e44e9
SSDEEP

6144:WsIr3goOWWq0jd97KgoC6ENiL4RvZ104vOS2WVRd+tpTfrUneaHIP:WBEPBjLWL2mWLb6

Score

8^/10

evasion persistence upx

Malware Config

Targets

- Target
  
  d18d65f4eb99ec3b48ec864f032dfdffd92c11dd8bca866c922f6e6d49835277
- Size
  
  341KB
- MD5
  
  0456f07c2741370554e34bcc84248292
- SHA1
  
  c0f8d06fc7e252df5f9f2c21226c48df01e795e7
- SHA256
  
  d18d65f4eb99ec3b48ec864f032dfdffd92c11dd8bca866c922f6e6d49835277
- SHA512
  
  a9d9b8e3e8484aad9bdede627613ce5d07232b939c9b0a65c2f8a92dffe46e48ff941cd3536579cad0ac8e74410f7ad6adaa68aebe5818bdca735524fa3e44e9
- SSDEEP
  
  6144:WsIr3goOWWq0jd97KgoC6ENiL4RvZ104vOS2WVRd+tpTfrUneaHIP:WBEPBjLWL2mWLb6
Score

8^/10

evasion persistence upx
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2