Overview

overview

10

Static

static

MOV-201408...vi.exe

windows7-x64

10

MOV-201408...vi.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    934db6330d40e8b8b3f5333eeeffceb1ef50eb401bcdb557cbac015903b445cb

  • Size

    593KB

  • Sample

    221127-swsb4acc8z

  • MD5

    e2008b0bc50ba2258c193d984b75fa65

  • SHA1

    e85cc161fbab04f1a1ac55b617c9b57d83bd3758

  • SHA256

    934db6330d40e8b8b3f5333eeeffceb1ef50eb401bcdb557cbac015903b445cb

  • SHA512

    0684c675ec867a55274f103d6dad8fe920f6159250a1dc40e28f7a3fa0a27e1edc02fa11ea65499c6eb0b366fb3fe7512d3f040387b20af0168d52765e838d04

  • SSDEEP

    12288:RTCKkuVuDhjJUG4l+Zbkju6Yf1P+ON/A3DLC9BNThq7QRuOi1o66:HkuChA3ju6oP+gAnErThq78Xwb6

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      MOV-20140822-WA0007.avi.exe

    • Size

      182KB

    • MD5

      4290dcaccb452c8f83d8797e62303e01

    • SHA1

      517129746f1b483569d1c7f06abbbb2a169f2aba

    • SHA256

      7299e17cda77ae183549394cd19bd1b95f199c186bdea59a813a7c92d98e151a

    • SHA512

      2b7babf63cd711f8c3ba41be3f1fdc84d3a6cbb32027f8791b8b792d54fe3f9a00be8dcaf4aa1d43f60337453965d8de25fef35b71aafd3268ecc3dd61173ec7

    • SSDEEP

      3072:2Pn053CqiPpNhHIfpp3jGO59/LHsknv7NdCNCt1GggFvPoJ2:2P2CLpQpzv9/LMkXCkm+J2

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks