General

  • Target

    2277feaee7cba95d5167c01c0374a0bcd71b3574c59e61576e1290d9c598ddda

  • Size

    917KB

  • Sample

    221124-mb3pfaba7t

  • MD5

    f0e750782adb349f7104d904bf2af7e4

  • SHA1

    c6199abfabe385d7060263f0a1cd7b56cde1887e

  • SHA256

    2277feaee7cba95d5167c01c0374a0bcd71b3574c59e61576e1290d9c598ddda

  • SHA512

    98a2902bb009fb2ae4d7f32903a0bca7d2095ec5793555efad5ed666296321e5e2f8f61db1f224b99f07b83184f305f76fc28e1eb6bc068c6961098396c914d7

  • SSDEEP

    24576:g4BSo2FQjl9wTlRdiQ544HiyfwHmz6mq71OWZWg/8:g4BSoJkP8+fiqw8o1r8

Score
10/10

Malware Config

Targets

    • Target

      ƶ˰չ滮ͨһ 20141019 ˫˫ʦ/񱨳˰˰ʱ.exe

    • Size

      363KB

    • MD5

      07969c7ff59287a6127e1c99a48eca8b

    • SHA1

      dbc8fc67254a3819c83b20bb58c4d81bba8104a3

    • SHA256

      2120ee74e82251d05bd28740a56783589cc5eeeb57740f781746327899c4490d

    • SHA512

      e294b374b2e70f3aab60188907acec4ee64e19897a2ef9e50401bcec9e38c1d64be470d111ad7a9a468a36bd5cdfc4a688cf0a852dae987d2aecd1651dac2ab2

    • SSDEEP

      6144:iw+RvVrYjQf/KOgzTrMzWdKT1f/5dWDquH2sJgHvKr8e0L:cdVrZf/ATwzbS2mgPlh

    Score
    1/10

    • Target

      ƶ˰չ滮ͨһ 20141019 ˫˫ʦ/ƶ˰չ滮ͨһ 20141019 ˫˫ʦ.exe

    • Size

      788KB

    • MD5

      c86d03cba652fb03c0a0c2ada52db647

    • SHA1

      d6eb328096dee621b858722ffc83b1540a0e1539

    • SHA256

      90a0e6bbc98028ac2ce8dddff5b952fdc0d0307d29a6fc339dac00f2d718bc9d

    • SHA512

      5f59df65d91997e69c0ffa1ef6aaa27d0e725b8b57b3434cb5961d43c304e2258b7cbcf963af97e2fdbfe61ef48eb0c5d178fc535030796b7360db634c3a979f

    • SSDEEP

      6144:+TBcx19YgC8Ukq9NXcHNINzsr5IW4Fxpr7dTHbmdUnmXr3w798:+TB09SkkNXKgor5IWk3rkegr

    Score
    10/10

    • Modifies WinLogon for persistence

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Target

      ƶ˰չ滮ͨһ 20141019 ˫˫ʦ/ƹ滮ʦμ()--˰ճﻮ.ppt

    • Size

      792KB

    • MD5

      e66d2a74436795428d1ebdfd9f570875

    • SHA1

      df431912311a2c6a37039b3ca817b6245d93854b

    • SHA256

      7adb7258fc5603cf032791fa71a33611c8a224419d64d16f54bf035fb18556a0

    • SHA512

      90e117eb269f2e8c44ecf9fc0d0cf308140f90c0cb2f98b76e247a0185a662b6b836804e272082b60bb832a54e033c255ec1a12328f5a5b763fd675c9017f7ef

    • SSDEEP

      6144:/IwTVmHKXtn0Co41SG6Sx8RKTYHtY7kUoI318Hrh2Wqbq3t5v:/IWVPtnDsG6SxIK8HtoK2e95

    Score
    1/10
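The three dropped files above are identified only by their hashes, and the 788KB executable is the one that scores 10/10 with the "UPX packed file" and "AutoIT Executable" signatures. The script below is an added example, not code from the sandbox or from the sample: it computes the same MD5/SHA1/SHA256/SHA512 set the report lists, walks the PE section table to look for UPX section names, and searches for the AutoIt v3 compiled-script marker. The PE it runs on is a constructed header-only stand-in (no executable code) so the example runs offline; the section names and trailer are assumptions chosen to trigger both checks.

```python
"""Static triage of a dropped sample: report-style hashes plus the UPX-packing
and AutoIt-compiled checks. Added example; the PE image is constructed."""
import hashlib
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
# Compiled AutoIt v3 scripts carry the AU3!EA06 resource marker and this string.
AUTOIT_MARKERS = (b"AU3!EA06", b"This is a third-party compiled AutoIt script.")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 in the order the report lists them."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def pe_section_names(data: bytes) -> list:
    """Walk the PE headers and return the section names (NUL padding stripped).
    Returns [] for anything that is not a well-formed PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    nsect = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size        # section table follows the optional header
    names = []
    for i in range(nsect):
        hdr = data[table + 40 * i: table + 40 * i + 40]
        if len(hdr) < 40:
            break                         # truncated table: stop rather than guess
        names.append(hdr[:8].rstrip(b"\0"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """UPX and most modified UPX builds keep UPX0/UPX1 section names and the
    stub carries a 'UPX!' marker; either is enough to flag the file."""
    return bool(UPX_SECTION_NAMES & set(pe_section_names(data))) or b"UPX!" in data


def is_autoit_compiled(data: bytes) -> bool:
    return any(marker in data for marker in AUTOIT_MARKERS)


def build_fake_pe(section_names, trailer=b"") -> bytes:
    """Constructed minimal PE: DOS header, PE signature, COFF header, an empty
    optional header and one 40-byte header per section. Not runnable code."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections + trailer


def triage(data: bytes) -> dict:
    return {"hashes": file_hashes(data),
            "sections": [s.decode() for s in pe_section_names(data)],
            "upx": is_upx_packed(data),
            "autoit": is_autoit_compiled(data)}


if __name__ == "__main__":
    # Assumed sample: UPX section names plus an AutoIt marker appended as overlay.
    sample = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], trailer=b"AU3!EA06")
    for field, value in triage(sample).items():
        print(field, value)
```

On a real dropped file, replace the constructed image with the file bytes and compare the returned hashes against the values in the report before trusting any verdict; the section-name check is cheap but a repacked UPX stub with renamed sections will only be caught by the marker search or by an unpacking attempt.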

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Winlogon Helper DLL (T1004): 2
    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 4

  • Discovery

    Query Registry (T1012): 3
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 4
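The persistence and defense-evasion rows above (T1004, T1060, T1112) correspond to the "Modifies WinLogon", "Adds Run key", "Disables RegEdit" and "Disables Task Manager" signatures on the 788KB executable. The report does not print the registry paths it matched, so the check below uses the well-known locations for those behaviours: the Policies\System DisableRegistryTools and DisableTaskMgr values, the CurrentVersion\Run key, and the Winlogon Shell/Userinit values. It is an added example, not the sandbox's signature logic; the .reg export it parses is constructed sample input, and the svchost32.exe path in it is an invented placeholder.

```python
"""Host-side check for the registry changes the report's signatures describe,
mapped to the ATT&CK v6 IDs in the matrix. Added example; sample input is
a constructed .reg export."""
import re

# Well-known key paths behind each signature, matched case-insensitively
# with the hive (HKCU/HKLM) stripped so either hive is caught.
POLICY_KEY = r"software\microsoft\windows\currentversion\policies\system"
RUN_KEY = r"software\microsoft\windows\currentversion\run"
WINLOGON_KEY = r"software\microsoft\windows nt\currentversion\winlogon"
# Stock Winlogon values; anything appended means an extra helper runs at logon.
WINLOGON_DEFAULTS = {"shell": "explorer.exe",
                     "userinit": r"c:\windows\system32\userinit.exe,"}

KEY_RE = re.compile(r"^\[(?P<hive>HKEY_[A-Z_]+)\\(?P<path>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def parse_reg_export(text: str) -> dict:
    """Return {key_path_lower: {value_name_lower: data}} from a .reg export.
    dword:XXXXXXXX becomes an int; quoted strings are unescaped."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("path").lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            data = m.group("data")
            if data.startswith("dword:"):
                data = int(data[6:], 16)
            elif data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            keys[current][m.group("name").lower()] = data
    return keys


def check_indicators(keys: dict) -> list:
    """Each hit is (ATT&CK ID, signature name, key, value_name, data)."""
    hits = []
    for key, values in keys.items():
        if key.endswith(POLICY_KEY):
            if values.get("disableregistrytools") == 1:
                hits.append(("T1112", "Disables RegEdit via registry modification",
                             key, "DisableRegistryTools", 1))
            if values.get("disabletaskmgr") == 1:
                hits.append(("T1112", "Disables Task Manager via registry modification",
                             key, "DisableTaskMgr", 1))
        elif key.endswith(RUN_KEY):
            for name, data in values.items():
                hits.append(("T1060", "Adds Run key to start application", key, name, data))
        elif key.endswith(WINLOGON_KEY):
            for name, default in WINLOGON_DEFAULTS.items():
                data = values.get(name)
                if isinstance(data, str) and data.lower().rstrip(",") != default.rstrip(","):
                    hits.append(("T1004", "Modifies WinLogon", key, name, data))
    return hits


# Constructed .reg export: a clean Userinit next to the changes the signatures
# describe. svchost32.exe is a placeholder, not a path from the report.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"svchost"="C:\\Windows\\System32\\svchost32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Windows\\System32\\svchost32.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
'''


def triage_registry(text: str = SAMPLE_REG) -> list:
    return check_indicators(parse_reg_export(text))


if __name__ == "__main__":
    for hit in triage_registry():
        print(hit)
```

On a live host, export the three keys with `reg export` (from both HKCU and HKLM) and feed the files to `triage_registry`; the Winlogon comparison tolerates case and the trailing comma Windows writes after userinit.exe, so only an appended or replaced helper is reported.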

Tasks