Overview

overview

10

Static

static

d83275ce64...73.exe

windows7-x64

10

d83275ce64...73.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d83275ce64fbca91202817bcc2cb23031484f7f13627277d84e5761e9ff0b473

  • Size

    134KB

  • Sample

    221123-xggn9shh71

  • MD5

    5c9886c5640c5e125e6640314db6d216

  • SHA1

    b5ecf8c1bfcc8550644b3fe78ff07a344f95ec1c

  • SHA256

    d83275ce64fbca91202817bcc2cb23031484f7f13627277d84e5761e9ff0b473

  • SHA512

    a16d5d68f8cdc726cdb4d77cbb0a3ec41bd8b51aedb06c206cab3eae904fd321323085cc7f65afee354fb8f9d0615e87830cb2f2a61ba3b62058560a9ce2e8df

  • SSDEEP

    3072:ncw9JIpFWgCcw2OPdZm+UyidxE9oVjB1jz4oUSod2oewM:RJIpFWgCP/Pb2ymxQK/lSgp

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      d83275ce64fbca91202817bcc2cb23031484f7f13627277d84e5761e9ff0b473

    • Size

      134KB

    • MD5

      5c9886c5640c5e125e6640314db6d216

    • SHA1

      b5ecf8c1bfcc8550644b3fe78ff07a344f95ec1c

    • SHA256

      d83275ce64fbca91202817bcc2cb23031484f7f13627277d84e5761e9ff0b473

    • SHA512

      a16d5d68f8cdc726cdb4d77cbb0a3ec41bd8b51aedb06c206cab3eae904fd321323085cc7f65afee354fb8f9d0615e87830cb2f2a61ba3b62058560a9ce2e8df

    • SSDEEP

      3072:ncw9JIpFWgCcw2OPdZm+UyidxE9oVjB1jz4oUSod2oewM:RJIpFWgCP/Pb2ymxQK/lSgp

    Score
    10/10
    evasionpersistenceupx

    • Modifies WinLogon for persistence

      persistence

    • Disables use of System Restore points

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

1
T1490

Tasks