General

  • Target

    6cbb322bfef6e81cfd213d3eda7f842ca913701bed5c04dba514719d1d675cc2

  • Size

    1.1MB

  • Sample

    221127-c7wkwsha31

  • MD5

    c0aafe1e2534073cb8f77668dfe8aa1d

  • SHA1

    1d86c0980cb1f0e4b0abffb15d6692422ade8496

  • SHA256

    6cbb322bfef6e81cfd213d3eda7f842ca913701bed5c04dba514719d1d675cc2

  • SHA512

    1f00fe27f8329f9658b43c5c5ff701340f3d702efd29d89ccf3f4c40308bb66df74414bf15920a61fbe45d6bba318f590ed2f156ac244a40bf50aee1f13dadd0

  • SSDEEP

    12288:3ZWtI6RkUerQZb+md4w1UVoe7tkNFSAqOm5yOvei3DJ2v:3uhaUerQZb+md4wmSeZRA5e2v

Score
10/10
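The following is an added example, not part of the sandbox report: before acting on a report like this, an analyst should confirm that the file in hand is the one described, so this script re-hashes a local file and compares it with the four hashes listed above, and it also walks the PE section table by hand to look for the stock UPX0/UPX1 section names behind the "UPX packed file" signature further down. The hand-written PE parser, the section-name heuristic and the `build_fake_pe` helper (which produces a non-runnable PE-shaped blob for offline testing) are this example's own assumptions; a modified UPX build that renames its sections will not be flagged by the section check.

```python
"""Added example (not from the sandbox report): verify a local file
against the report's hash IOCs and check for UPX section names."""
import hashlib
import struct
import sys

# Hash IOCs copied from the report above.
REPORT_HASHES = {
    "md5": "c0aafe1e2534073cb8f77668dfe8aa1d",
    "sha1": "1d86c0980cb1f0e4b0abffb15d6692422ade8496",
    "sha256": "6cbb322bfef6e81cfd213d3eda7f842ca913701bed5c04dba514719d1d675cc2",
    "sha512": "1f00fe27f8329f9658b43c5c5ff701340f3d702efd29d89ccf3f4c40308bb66d"
              "f74414bf15920a61fbe45d6bba318f590ed2f156ac244a40bf50aee1f13dadd0",
}


def hash_bytes(data: bytes) -> dict:
    """Compute every algorithm the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm match flags; treat the file as confirmed only if all agree."""
    got = hash_bytes(data)
    return {name: got[name] == want for name, want in REPORT_HASHES.items()}


def pe_section_names(data: bytes) -> list:
    """Parse the PE section table without a pefile dependency (assumption:
    a well-formed MZ/PE header; malformed input raises ValueError)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]         # Name[8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1/UPX2.  Modified builds often
    rename them, so False here does not prove the file is unpacked."""
    return any(n.upper().startswith("UPX") for n in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Construct a minimal, non-runnable PE-shaped blob for offline testing
    (constructed test data, not a real sample)."""
    opt_size = 224  # size of a PE32 optional header
    pe_off = 0x80
    blob = bytearray(b"MZ" + b"\0" * (0x3C - 2))
    blob += struct.pack("<I", pe_off)                          # e_lfanew
    blob += b"\0" * (pe_off - len(blob))
    blob += b"PE\0\0"
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    blob += struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    blob += b"\0" * opt_size
    for name in section_names:
        blob += name.encode("ascii").ljust(8, b"\0") + b"\0" * 32
    return bytes(blob)


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        sample = fh.read()
    print("hash match per algorithm:", matches_report(sample))
    print("sections:", pe_section_names(sample))
    print("UPX section names present:", looks_upx_packed(sample))
```

Run it as `python check_sample.py <file>`; all four hashes should match before the report's behaviour list is treated as describing that file. The section check is a quick triage hint only; a packer that has been modified, as the signature text allows for, is better confirmed by entropy or by attempting `upx -d` in an isolated environment.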

Targets

    Score
    10/10
    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds an application to Explorer's DisallowRun policy list in the registry, so Windows refuses to launch it (a common way to block security tools).

    • Executes dropped EXE

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX, or with a modified build of the open-source UPX packer. Packing by itself is not malicious, but it hides strings and imports from static analysis, and a modified build may rename the tell-tale UPX section names.

    • Loads dropped DLL

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
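As an added example that is not the sandbox vendor's code: a small rule set that reproduces, by name, five of the behaviour signatures above when run over registry-set and file-write events. The event line format, the constructed sample log and the exact conditions (the HideFileExt Explorer value, the Policies\Explorer DisallowRun flag and list, the Image File Execution Options key, autorun.inf at a drive root, writes under \Windows\System32) are this example's own assumptions about what such signatures look for; they illustrate the mechanisms, not the sandbox's actual rules.

```python
"""Added example (not from the report or the sandbox vendor): detection
rules for several of the listed behaviour signatures, run over a
constructed registry/file event log."""
import re

# Constructed sandbox-style event log (not real sample telemetry).
# One event per line: "REG_SET|<key>|<value name>|<data>" or "FILE_WRITE|<path>".
SAMPLE_EVENTS = r"""
REG_SET|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|HideFileExt|1
REG_SET|HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|DisallowRun|1
REG_SET|HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun|1|regedit.exe
REG_SET|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe|Debugger|C:\Windows\svchost.exe
FILE_WRITE|E:\autorun.inf
FILE_WRITE|C:\Windows\System32\drivers\example.sys
FILE_WRITE|C:\Users\user\AppData\Local\Temp\dropper.exe
"""


def parse_events(text: str) -> list:
    """Turn the line format above into event dicts; reject malformed lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|")
        if parts[0] == "REG_SET" and len(parts) == 4:
            events.append({"type": "reg", "key": parts[1], "name": parts[2], "data": parts[3]})
        elif parts[0] == "FILE_WRITE" and len(parts) == 2:
            events.append({"type": "file", "path": parts[1]})
        else:
            raise ValueError(f"malformed event: {line!r}")
    return events


def _reg(ev: dict, key_suffix: str, name: str = None) -> bool:
    """Case-insensitive match on the tail of a registry key and, optionally,
    the value name (hive prefixes vary between tools, so only the tail is checked)."""
    return (ev["type"] == "reg"
            and ev["key"].lower().endswith(key_suffix.lower())
            and (name is None or ev["name"].lower() == name.lower()))


# Signature name (as printed in the report) -> predicate over one event.
RULES = {
    "Modifies visibility of file extensions in Explorer":
        lambda ev: _reg(ev, r"\Explorer\Advanced", "HideFileExt") and ev["data"] == "1",
    "Blocks application from running via registry modification":
        lambda ev: _reg(ev, r"\Policies\Explorer", "DisallowRun")
                   or _reg(ev, r"\Policies\Explorer\DisallowRun"),
    "Sets file execution options in registry":
        lambda ev: ev["type"] == "reg"
                   and "\\image file execution options\\" in ev["key"].lower(),
    "Drops autorun.inf file":
        lambda ev: ev["type"] == "file"
                   and bool(re.fullmatch(r"[A-Za-z]:\\autorun\.inf", ev["path"], re.I)),
    "Drops file in System32 directory":
        lambda ev: ev["type"] == "file" and "\\windows\\system32\\" in ev["path"].lower(),
}


def evaluate(events: list) -> dict:
    """Return {signature name: [matching events]} for every rule that fired."""
    fired = {}
    for name, pred in RULES.items():
        hits = [ev for ev in events if pred(ev)]
        if hits:
            fired[name] = hits
    return fired


if __name__ == "__main__":
    for sig, hits in evaluate(parse_events(SAMPLE_EVENTS)).items():
        print(f"{sig}: {len(hits)} event(s)")
        for ev in hits:
            print("   ", ev)
```

The rules are deliberately narrow: HideFileExt only fires when the value is set to 1 (setting it to 0 is the opposite, benign change), and the autorun.inf rule only fires at a drive root, because that is the location AutoRun consults. The "Executes dropped EXE" and "Loads dropped DLL" signatures need process and module-load events correlated with earlier file writes and are not modelled here.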
