Overview

overview

10

Static

static

8

ab850bf153...a0.exe

windows7-x64

10

ab850bf153...a0.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ab850bf1539bb95bf30effa3d14290fd0b3dc8de9bd1e6b761029807ed3dcba0

  • Size

    546KB

  • Sample

    221128-fqqj4age26

  • MD5

    55c839a0f4d8df8143af4008311fb6f1

  • SHA1

    ab73754ed5b86ac1579a552a349d839862d0b250

  • SHA256

    ab850bf1539bb95bf30effa3d14290fd0b3dc8de9bd1e6b761029807ed3dcba0

  • SHA512

    71ad9e18216f7fb82e00dc90fc89737d5f49527589c0dc9aac4e122145a6097875c312025ae6902ba8e43c5592a012053c940175f10bbee179e453770720b91b

  • SSDEEP

    12288:eWukz+Lu35Pt/GAGNNxmlX8vVrT2/BO6AZ8Fbqk:eozWu355vGPEB8vVrToLjFbqk

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      ab850bf1539bb95bf30effa3d14290fd0b3dc8de9bd1e6b761029807ed3dcba0

    • Size

      546KB

    • MD5

      55c839a0f4d8df8143af4008311fb6f1

    • SHA1

      ab73754ed5b86ac1579a552a349d839862d0b250

    • SHA256

      ab850bf1539bb95bf30effa3d14290fd0b3dc8de9bd1e6b761029807ed3dcba0

    • SHA512

      71ad9e18216f7fb82e00dc90fc89737d5f49527589c0dc9aac4e122145a6097875c312025ae6902ba8e43c5592a012053c940175f10bbee179e453770720b91b

    • SSDEEP

      12288:eWukz+Lu35Pt/GAGNNxmlX8vVrT2/BO6AZ8Fbqk:eozWu355vGPEB8vVrToLjFbqk

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks