Overview

overview

10

Static

static

3a1f7d0298...74.exe

windows7-x64

10

3a1f7d0298...74.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3a1f7d02986ec12aebad4ef5de23e1bc1521878bccf752794dd81c64f201a374

  • Size

    109KB

  • Sample

    221123-rxc35ahf98

  • MD5

    a01c8d98557debf9579e2786ca5e72ee

  • SHA1

    76f69849b35c1701d6f2644d65efbe30cec6b0ea

  • SHA256

    3a1f7d02986ec12aebad4ef5de23e1bc1521878bccf752794dd81c64f201a374

  • SHA512

    c01333b87e2678794c96a543c303d7e0bf482308436fdf18b010c4d4ce121fc2bdc376ec2774356d7c2dcbd060da7a46551671cd67cd48233fc2859bf7327e70

  • SSDEEP

    3072:gMr/Bo2NPTcL2a6k2al4Dv61hb5nErzRF:FlNPTcFofT6P9nEP

Score
10/10
persistenceupx

Malware Config

Targets

    • Target

      3a1f7d02986ec12aebad4ef5de23e1bc1521878bccf752794dd81c64f201a374

    • Size

      109KB

    • MD5

      a01c8d98557debf9579e2786ca5e72ee

    • SHA1

      76f69849b35c1701d6f2644d65efbe30cec6b0ea

    • SHA256

      3a1f7d02986ec12aebad4ef5de23e1bc1521878bccf752794dd81c64f201a374

    • SHA512

      c01333b87e2678794c96a543c303d7e0bf482308436fdf18b010c4d4ce121fc2bdc376ec2774356d7c2dcbd060da7a46551671cd67cd48233fc2859bf7327e70

    • SSDEEP

      3072:gMr/Bo2NPTcL2a6k2al4Dv61hb5nErzRF:FlNPTcFofT6P9nEP

    Score
    10/10
    persistenceupx

    • Modifies WinLogon for persistence

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks