Overview

overview

10

Static

static

8

1a0ddc66b6...9c.exe

windows7-x64

10

1a0ddc66b6...9c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1a0ddc66b62771262dd5cb37f834eb6abf77f7cb08184a34e3ecb746443e369c

  • Size

    255KB

  • Sample

    221123-zx9fbshb3t

  • MD5

    f44a1675a9a7394032ce07ab9f4fd112

  • SHA1

    d4e578dae6f63917cdb886776df3f77ca92fc697

  • SHA256

    1a0ddc66b62771262dd5cb37f834eb6abf77f7cb08184a34e3ecb746443e369c

  • SHA512

    c14eab876165291a62ca3e8faffe7c7751b32acb384e026e4dbba30a7be3b7e6247bfab3d3ee9e9b2fa325f61c95319ef297acbfe2f86fef4826de42e5b3a26a

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJn:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIm

Score
10/10
evasionpersistencespywarestealertrojanupx

Malware Config

Targets

    • Target

      1a0ddc66b62771262dd5cb37f834eb6abf77f7cb08184a34e3ecb746443e369c

    • Size

      255KB

    • MD5

      f44a1675a9a7394032ce07ab9f4fd112

    • SHA1

      d4e578dae6f63917cdb886776df3f77ca92fc697

    • SHA256

      1a0ddc66b62771262dd5cb37f834eb6abf77f7cb08184a34e3ecb746443e369c

    • SHA512

      c14eab876165291a62ca3e8faffe7c7751b32acb384e026e4dbba30a7be3b7e6247bfab3d3ee9e9b2fa325f61c95319ef297acbfe2f86fef4826de42e5b3a26a

    • SSDEEP

      3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJn:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIm

    Score
    10/10
    evasionpersistencespywarestealertrojanupx

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Windows security bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks