504aba9ffc85b963c92b2725c54b2f16e8dca913b5dbe2b7d75786eee3692a38

Sharing

Copy URL

Twitter E-mail

General

Target

504aba9ffc85b963c92b2725c54b2f16e8dca913b5dbe2b7d75786eee3692a38
Size

1.1MB
Sample

221126-k35l1afh32
MD5

c65300475e74c5fe298994ac8a1cd613
SHA1

11fabd6bbaf50545583abeea4eb8781ab4b20e1e
SHA256

504aba9ffc85b963c92b2725c54b2f16e8dca913b5dbe2b7d75786eee3692a38
SHA512

1c09b7ae1f15d90afa6e363df253afee0e606e6436b82145fb6e436c65bc289c6e6ae265a6aef15adda50e30c3aa711ede2a5ce28717f2a74506e11fb75afa31
SSDEEP

24576:RcwRCjvCLnTSjF/46nqO1H/uIiLxeasBkpn+r:6k7TWasqO1H2jLopky

Score

10^/10

Malware Config

Targets

- Target
  
  ©ɱ/008.vir
- Size
  
  112KB
- MD5
  
  1a8c35075498ddf7f324a7df406acc10
- SHA1
  
  a70c4113d218af4581b942b92736d49cd6e8203d
- SHA256
  
  7bf6a7fc84399b21b3345707212b9011097f9958906e1678e7285006c18cde4a
- SHA512
  
  e972cedaec84f39b720477e33d9f10cea3f3d20f95d5ae3cf4b7c85ffb3eac0975e70dd3449791c9746b6dd987cdc35d5fc67443bcdc2f31160edb43880fcc0d
- SSDEEP
  
  1536:vmDqm1sOwNkYRMAEpQHljqHwisgc21+06Iygz7qfG5CffTpfHA/:vc1twfaAeQ4Hw9gc21+06IPkACxHA/
Score

1^/10
behavioral1 behavioral2
- Target
  
  ©ɱ/017.vir
- Size
  
  76KB
- MD5
  
  1f925776bac8f82128ce4b41a701aad0
- SHA1
  
  0d5e8140a716e5d1a359a1987e65be5deee5babe
- SHA256
  
  febb76aced959da4cb40998f8044bb56fd5b960e70de31b550d1b1001fc767ec
- SHA512
  
  6e8412d116232266a0d8627d4f1ba341ce4e5eb8647eb3099c2ee08a4fb60ead1981d86ff17218a002fee495e335f2f2ca0ffa8f80e7cf751d25cae03d91b43c
- SSDEEP
  
  1536:pEJRYIcj8rqtnPoqTmfaD5DgnpyGgUF5cDYMv:pCcwrK3T+aDWpfgUov
Score

5^/10
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  ©ɱ/020.vir
- Size
  
  181KB
- MD5
  
  2cde52ed4027f6bd5a39ad40bbe366c0
- SHA1
  
  1320257c41931f5c8fa0b4d0fd44f07ff58c2ca2
- SHA256
  
  59088a923769e165908059a49c5f4f077c68905cfcd6495f0b6dce39262248a7
- SHA512
  
  957ed935104362f09963fa54a0f0ede3e94baed24ecf45fdaa2746e4aec89984c0dc5d4e223386207c2b19b08008723ca4a6500a3c945d3a2e3e7c30a4fa756c
- SSDEEP
  
  3072:GU9UzUsAcPhN3TkVC7xdrwFIS/OTaOB6IWatLeJKB5UtYwxp2bI602:CUuxiFmTaO9BqYIQm2
Score

3^/10
behavioral5 behavioral6
- Target
  
  ©ɱ/022.vir
- Size
  
  88KB
- MD5
  
  2e58cd312465b9872ec1f8332358a650
- SHA1
  
  403af6c9fb6d7330c1e7e133b3edf1833469261c
- SHA256
  
  9d869c4f8ce9f38043d0171d15c7f78beee6f17098723059a2612fe6f2ec43f2
- SHA512
  
  34674d7486c76b5aea299831fc454af7af46d98a033302cc64c6c49929e52fdca2d2a6a60358cbeda255d6712aba9d6c4816442bebfc4a7d623c90e74f1f04f7
- SSDEEP
  
  768:s/4n0RuteIhW7WCP4j++Oua9diAbpToDtPZWga7LqEXcIVWTj3jo7H5xcgu5:Xn0kt/YiAbKPWga7LxcIizo1xcgu5
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  ©ɱ/040.vir
- Size
  
  135KB
- MD5
  
  4fe84fc378421449ce4796ae6662aa50
- SHA1
  
  7e5522d49418c237e1c06f6794875fa32a1fa3c7
- SHA256
  
  439f331f1193005bab42f18faed822b2b9345762a7a81ca501063d6e655ccae2
- SHA512
  
  4aa1337443548533e45e6d92d2b3d1e55bf263eb5c0854623a91602fca561a5303ff62d8905cff86ae02920f16ebef827e8fae0ab9e1c799acd0757482fa5895
- SSDEEP
  
  1536:4/yPJze2vZcTmW44YM6HsYYpQjXscm+ZNfycqNOMPCHSHuQH9ORVsvdj17dlK+Gq:4/YxeHTmucYgcdyxUIMPCcH9K6jHlKZE
Score

5^/10
- Suspicious use of SetThreadContext
behavioral10 behavioral9
- Target
  
  ©ɱ/046.vir
- Size
  
  63KB
- MD5
  
  5f9a1da20708e95e8ad4d6ef213b1e00
- SHA1
  
  8bf22d7882f392d7240a0f2a481f3e9ac9b02184
- SHA256
  
  ff926bf561b7686bc9a0ce7d2df800b8de463b841627bad4edcbdaed2bd0058c
- SHA512
  
  71d61a54209e1ce0e6713b59e42658f96b9a040d71d599a3faa3c1e9d01d47eea6e4a82aa643515241c9c18f1e3546defa18b73704213f5bafa609345c685a8f
- SSDEEP
  
  1536:nV9Clq6VZeD7AD4THuk+VoULlklI5PvYYslpd7:nV9oOAD4THxbULlkl8PgYsR
Score

4^/10
behavioral11 behavioral12
- Target
  
  ©ɱ/053.vir
- Size
  
  22KB
- MD5
  
  6b59283f1f10b7666ebdf66f322a1b50
- SHA1
  
  ffdaccc613492489b39982dec36183d080d60932
- SHA256
  
  5d87d8462de63ab0344faf12151b24c50e73a92776a435cd9eaf2685a6ebac74
- SHA512
  
  82f1e2dbb5c7bfa44353191603b19711e168b030980293bfb683efd0ef9d90503236e2dd87f1387bf0bed304d37a8f24d9868b6036cf0e1152d224bd47900d5d
- SSDEEP
  
  384:/v3BWbim/O47iybh61qnFT34cAxwr6+e9Pfqbn1:BW2mG2V8CFToPx3ha5
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral13 behavioral14
- Target
  
  ©ɱ/058.vir
- Size
  
  96KB
- MD5
  
  7a2f9859651ce3b4a26832d9d64deea0
- SHA1
  
  e5c1d9423c99d175fa56ea9f9e704947bb5cee28
- SHA256
  
  323051b35b7e7bc333e4685fd0e6762b4c34ccde67a8b981460f46b8e7191995
- SHA512
  
  fe557ca5c3aeadf301b79f94c04bf190f933c420031e39768814628d80e32edad9e6d4e526e20137e273960f2a90fddd58b2deed191004c237a8953884bef71a
- SSDEEP
  
  1536:2o6AFLFfFJLHQNF0DYHVulE04xiHEVD0MeAMOXGIKBz+F/N7:ZFZLHQNF0DQulE0e4EVfdeBz+7
Score

1^/10
behavioral15 behavioral16
- Target
  
  ©ɱ/077.vir
- Size
  
  110KB
- MD5
  
  21d8ecd57783294141cf648361b6e170
- SHA1
  
  61ddd9abf3a2985ce57e7ba164f35be7acfa0d60
- SHA256
  
  45aa4f7c452193b44964e1c6d5fd9219f69a9c2d031db3a9620b059247831615
- SHA512
  
  6f5d83619bf173305fe66ae1c88c69c6c892ba70b12dc5be4cfeb7518ddbe6f1a3f4773bf179aee2d74a71578bf9b83216367212883dfa105f5f4951d1b2dc5f
- SSDEEP
  
  1536:B+VbfAE8hMRhkzM0r+A7EjbXUlfu4C8WIBI+rDfiv4lqXJSLwjw/tJFAZtqg:IVb4EUMszMsjHbWIFrDnqZc/tJFAZz
Score

3^/10
behavioral17 behavioral18
- Target
  
  ©ɱ/080.vir
- Size
  
  665KB
- MD5
  
  35b4961fe8a00f6c51df70beab8cf460
- SHA1
  
  b8e5f78380f066b4a1987f05afaef6a08f7e8990
- SHA256
  
  8cdccffd533f4d54596a5a686f48322d2f9a995acb2b9bfcc175c62915b1c948
- SHA512
  
  f2f75cea9ece39671e4ad266198bbbf0c27ea407e4e3fa5c2325003ea8baaf7a7cb5d239fbe14ec25d2354e06cde6f0d29bb2aa8ee7c2661816fea1bee3a7776
- SSDEEP
  
  12288:fhkDgouVA2nxKkozvdRgQriDwOIQmxiZnYQE7PJcD4anJVC:lRmJk8oQricOIvxiZY15anTC
Score

10^/10

evasion persistence trojan upx
- UAC bypass
  evasion trojan
- Drops file in Drivers directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral19 behavioral20
- Target
  
  ©ɱ/083.vir
- Size
  
  47KB
- MD5
  
  43ece23bc3643cb8f9f00236be372d10
- SHA1
  
  f4dff3deea262093342630d9cb9a1b6559e0b61b
- SHA256
  
  ce221ef17253fea274d68f688f401b4887bc8b5c516fa73601d08d0cb21850b3
- SHA512
  
  781d0f7fe3a33880c15098fed1d6abf57a875e8d3825fad690fe72dc78f31b04132bb4e18661e682bf33409db3240181ce2198decd1754ddde2868c127d822bd
- SSDEEP
  
  384:D2ciGXkW059C8YpAx7r6+e9Pfqbn12S3B/qiIpQYemv/I9Ve3WxSTfS7UIn:q7n3C8YaxCha52Sx/l00tSu4
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral21 behavioral22
- Target
  
  ©ɱ/089.vir
- Size
  
  92KB
- MD5
  
  51c7d3f4106b5557f9bdfaab4267be80
- SHA1
  
  b5fc281eb69f928836b87a368c75a463d0e98c32
- SHA256
  
  9e8daaef763f7ba248c473550d75ec675fa789ed61ac8796dd5357d928fcccad
- SHA512
  
  c800da51283853f39c1a2498e9d6395c38afe81dedfd0fdb25e33cba8ef50b4897e084924ae7b6a2f864c4cb4456c470c372e01f2333d80336ac3fa9491a35c8
- SSDEEP
  
  768:PpOOOgbxjhv+ZddsrCnDXn2tPIlnXOREbGnFkHjbGyrIMWG5ErjS:PpOOOiGZHkCDG1SmF2jbxWGq6
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral23 behavioral24
- Target
  
  ©ɱ/093.vir
- Size
  
  46KB
- MD5
  
  51ca495cbdd58cbdbba7bbc99cbc0c80
- SHA1
  
  2a26f1df3bdca11698acdd33d6093504da0e4832
- SHA256
  
  d8d68faba2ef3b401c98b34ab5154a49698194c8befbfd15cb00673ab8ff2159
- SHA512
  
  bc05d2aff2bdeb110e2cff03f9bb8bdb2032ed1dd85ee9c01eaf56bc372327cdd473af409a17a07497c75404149f710daa1da9075130598f5fd374b43b4301c0
- SSDEEP
  
  768:tAEEN9Cf4XEGZXDuT+pxvPDgAiXKZC2p2ng4nGwcsiOi+:tODZXcCvfA2p2nNWsiW
Score

1^/10
behavioral25 behavioral26
- Target
  
  ©ɱ/095.vir
- Size
  
  91KB
- MD5
  
  51cb4dfc2b2f5a5ffbd8f7cf2da9fe00
- SHA1
  
  f8575340416ba08ec070eba09d92f5be43a0cfbf
- SHA256
  
  a7fd4c347e3050e9727276234da1d12684680932ec16354e78559cfcfa2cd2b8
- SHA512
  
  0a065447a6596f3d94c1b7a522a178f638305a87c053e589c9887e1c858f9689553a9ae9d3820025dfde6b518efdbe1281f05b349b9d20a55859e56937a3478f
- SSDEEP
  
  1536:JqYBPvt0g3D88rW+NdySd6o2C9yZkHEXE9mWx7XRD+9T8cBfdqmGFL1M7zvU/9ol:JqYBPlF3Is9dAagZkkXE97FvWfdqmGFu
Score

4^/10
behavioral27 behavioral28
- Target
  
  ©ɱ/098.vir
- Size
  
  128KB
- MD5
  
  51ce35af2290923c37c62e124ed09950
- SHA1
  
  8d5eb3e768111d6eb27d4677dd6178672b9f7b23
- SHA256
  
  70983b6aef6f0cb1e34133876f3410534756219e0c2644fe3a91fc89a47d31e6
- SHA512
  
  d39c4b1e3cab4c6ddd7a98b33b18b285b84135e8d5387abb0051d8ee21eb27c0f85a82256633c160b49ea3ecdf4304fcd2ef94470231f42800814f4a640b0f60
- SSDEEP
  
  3072:ly72UA+oBj8JUiTWGO6K5+HAa/lzimsvZcwEfmS:liY98qytO66UYw
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral29 behavioral30

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Winlogon Helper DLL

T1004

Hidden Files and Directories

T1158

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Modify Registry

T1112

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Hidden Files and Directories

T1158

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Replication Through Removable Media

T1091

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

Suspicious use of SetThreadContext

Adds Run key to start application

Drops file in System32 directory

Suspicious use of SetThreadContext

Adds Run key to start application

Drops file in System32 directory

UAC bypass

Drops file in Drivers directory

UPX packed file

Adds Run key to start application

Checks whether UAC is enabled

Suspicious use of SetThreadContext

UPX packed file

Modifies WinLogon for persistence

Adds Run key to start application

Checks whether UAC is enabled

Modifies visiblity of hidden/system files in Explorer

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Maps connected drives based on registry

Drops autorun.inf file

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30