596d29b8563a1382954a5f845fe17e324b940e5a02d2f3d4c3d9782b8561d0a2 | Triage

Submit
Reports

Overview

overview

Static

static

8

596d29b856...a2.exe

windows7-x64

596d29b856...a2.exe

windows10-2004-x64

Sharing

General

Target

596d29b8563a1382954a5f845fe17e324b940e5a02d2f3d4c3d9782b8561d0a2
Size

1.7MB
Sample

221124-gaqqlafb8s
MD5

4067b8f337c4b4e2f859894e2d353a6e
SHA1

bb5f53cdf274ebb0c38dd6fa6ec53c6731dfffde
SHA256

596d29b8563a1382954a5f845fe17e324b940e5a02d2f3d4c3d9782b8561d0a2
SHA512

5444291420309b8a65d14b6f434f92acee8c038b55898b2a0c5383b5b26a88d6e377c05e6079c7b74fb84bd237889cc56bd98c0ceb44698a38f974a875d458b6
SSDEEP

49152:tTu0LSVHASxN9aD7sOP93ZPaZRNsa95ZN5T:ty0mVgSxa872av9

Score

10^/10

evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

596d29b8563a1382954a5f845fe17e324b940e5a02d2f3d4c3d9782b8561d0a2.exe

Resource

win7-20220812-en

evasion persistence trojan upx

windows7-x64

26 signatures

150 seconds

Behavioral task

behavioral2

Sample

596d29b8563a1382954a5f845fe17e324b940e5a02d2f3d4c3d9782b8561d0a2.exe

Resource

win10v2004-20220812-en

evasion persistence trojan upx

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  596d29b8563a1382954a5f845fe17e324b940e5a02d2f3d4c3d9782b8561d0a2
- Size
  
  1.7MB
- MD5
  
  4067b8f337c4b4e2f859894e2d353a6e
- SHA1
  
  bb5f53cdf274ebb0c38dd6fa6ec53c6731dfffde
- SHA256
  
  596d29b8563a1382954a5f845fe17e324b940e5a02d2f3d4c3d9782b8561d0a2
- SHA512
  
  5444291420309b8a65d14b6f434f92acee8c038b55898b2a0c5383b5b26a88d6e377c05e6079c7b74fb84bd237889cc56bd98c0ceb44698a38f974a875d458b6
- SSDEEP
  
  49152:tTu0LSVHASxN9aD7sOP93ZPaZRNsa95ZN5T:ty0mVgSxa872av9
Score

10^/10

evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- Modifies security service
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Stops running service(s)
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Impair Defenses

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2024

Terms | Privacy