035c1959eb274806f26b2e6c29d13152eeacb976560de99a331b4ece1de367b8 | Triage

Sharing

General

Target

035c1959eb274806f26b2e6c29d13152eeacb976560de99a331b4ece1de367b8
Size

700KB
Sample

221123-xwxc9sbb8y
MD5

32470fa5be6d4b22071f4230af075aa6
SHA1

4877de83a9e8ec16035d5e67e656c3ffb6266cab
SHA256

035c1959eb274806f26b2e6c29d13152eeacb976560de99a331b4ece1de367b8
SHA512

87991921e25d5c49b9eda391df7b84318100a4b5944900705143f8c4edf4b4f964e40b56b303149dc516f2c40e120d78340c9d75f2ecb041885a6196c285993c
SSDEEP

12288:fSy9imBJNwDo0SaSXEzKp8XGdTGfNRiOkBCVJx/ww9KCiixdGcbQjczt/MAb74Mt:fx97BJNR0SvXE27QfNRiWv/iixdGcbQq

Score

9^/10

persistence upx

Malware Config

Targets

- Target
  
  madCHook.dll
- Size
  
  123KB
- MD5
  
  369d077a89a03823debf94ed5e0dfcd1
- SHA1
  
  a14bdc948373e84b24798e20a7e91d59ad67c8ba
- SHA256
  
  a9a1e9fa16890d4b51b514adddec3e5592fbf2ee25611029c67c813225c54ee9
- SHA512
  
  5506c4f8022fc9d607f86e59e1aceab2c29c6eac721604e308fb6e26134a88061c06929e5a13409555e660d4e957943306e7cc35eb917bd262496726926ac5b5
- SSDEEP
  
  3072:Yfx6nz7ixioxKHncfwUi8yqEZ6vMDPYnDa+nER:2x6z7ixrC/qfnDa+n
Score

1^/10
behavioral1 behavioral2
- Target
  
  setup_C.CMD
- Size
  
  50B
- MD5
  
  8d34b98f7cbdaf2bb87ec10849bc9c65
- SHA1
  
  cd8e7f369bfcc415f1914f02dc1e01895bab4376
- SHA256
  
  555fc55cd5de7aadd1589093c32a9578b2527dbf6b8262a1debe611229f08c4c
- SHA512
  
  141f589755964f236bf95c12773a7fbcbd656099177e517782d8e147128c9af6fb613c0bef0369d14e7f2f04eab2b0c4e8c24565a6affe9fad615b815219d5bf
Score

4^/10
behavioral3 behavioral4
- Target
  
  setup_D.CMD
- Size
  
  50B
- MD5
  
  1f2a4406a999173d5f9eb0dd66fd9500
- SHA1
  
  a6c13232a6a66bd429f5ff4dea7839dbc4ec4b02
- SHA256
  
  388c7a79c76a51948ae5135f77d010d01f096be790ba9eed67cee6a5c83306a8
- SHA512
  
  248003ad8b6a80495452cebb95bffb51c0cf73f89dc8ba55f089d9284cdd9349f29a7c083e8163f86adca019a409c0e1b878a16fcfef7bb07b4870b63bfcb7d7
Score

1^/10
behavioral5 behavioral6
- Target
  
  shfmi.exe
- Size
  
  725KB
- MD5
  
  a563df5a4a258bd3098ce027290e2e4a
- SHA1
  
  e06ae5cc8294258356362ef87d39a788ef4ab22d
- SHA256
  
  011d35c0e14b3d590c7adda7921e116c0b23960836c4cb208c40cefbf3c780de
- SHA512
  
  6ca422a08e7af24997a8bd4ca8093782dafeb11c68508056b4348607e70457f3a8b6936ef787b051d4af14d95ac55d03d7c13b5bb4e3e4ef443cf9a6a1c65aaf
- SSDEEP
  
  12288:vJxbz0t3/scnadOTSLcFpPVWAe/xZzoXGenADr3fE5VkTV9m:vvz0NsuiWS4FP4ZzoHY3s0T
Score

8^/10

persistence upx
- Blocklisted process makes network request
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral7 behavioral8
- Target
  
  shfres.dll
- Size
  
  14KB
- MD5
  
  e341e3babd8c1aa0f9afd2f1dfda88b3
- SHA1
  
  8d5668854322b4b323ef8cf36cfdc1d2cfca1dfa
- SHA256
  
  fc9fd53ee4896414b3d8ce1b59d4764dbabde014bc37ef0364f292c69189ccf8
- SHA512
  
  e3012c4862dd8a87653ee84cb7ebac922f3540c35e3192a4621f4f436d4635ccafed49ddfe289364096ff9ab9d7c2c206c495ee5675e84d82c5d77235eae0994
- SSDEEP
  
  192:/n7sMpNoeVVhzNQXFiG+RhEekYlxeLBiqq2mJbixmBGnziiBMv3p6pajojEFk2XD:4MpaeBzNekG+RlS9c2mJbigbB2anLX
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10