Overview

overview

10

Static

static

CmdRegCleaner.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    CmdRegCleaner.zip

  • Size

    280KB

  • Sample

    221124-x81w8aeb69

  • MD5

    25b18997801a18b7a535179af043eee8

  • SHA1

    24cf66eda9e7271769684de49ab32c23789665c0

  • SHA256

    773feea1bd44fec204c72fab08cd490c50a3d39d50d9a58d031eaaf2d8674c60

  • SHA512

    8beba8de31a66f3be9a2b176af70a155a901d5c80dfa4ec1ec3e0dd0e2f074caf6d74c626e8650155d3bb0c8249401753f2c682dda3c2eed6357253b53a2e175

  • SSDEEP

    6144:pJvC6+hC9aVs20pCNox2PenR6TsarOY8Bc3uZUGwm9FGdOJn4Zz2ngnq:fvCoai20CNoIP20FrWRUGwmG+g2

Score
10/10
persistenceupx

Malware Config

Targets

    • Target

      CmdRegCleaner.exe

    • Size

      418KB

    • MD5

      0aeb125525c77edc57fb2c7e97d14467

    • SHA1

      7b68218bc50ae922a1526393e9c4ef3870cc8243

    • SHA256

      c20115171317123951b4e6306bfe29a2eb83cc4dafb2d3ba99663aafd336adb3

    • SHA512

      e3bd20bda611757d1efe12e13a2e8138e167c074466512ab3248958a4a2039e128b2dafde00571455e8e1ff943e1ebaf64d2d8193598dee7baed38d16910e82f

    • SSDEEP

      12288:pRZ+IoG/n9IQxW3OBse4X+tixbtjGtSYLNdZo:h2G/nvxW3WuN5GtrLny

    Score
    10/10
    persistenceupx

    • Modifies system executable filetype association

      persistence

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks