General

  • Target

    9436e2f566a6bcfeb9494fccb98e2233cf0d801dec877fe4a0d415eb28f84571

  • Size

    2.0MB

  • Sample

    221201-p1gjlshd67

  • MD5

    a064be0c673aafd60d44cb49510f34b0

  • SHA1

    badcf8184fe9e2ee8b9f7100f847c2fe566f3723

  • SHA256

    9436e2f566a6bcfeb9494fccb98e2233cf0d801dec877fe4a0d415eb28f84571

  • SHA512

    86ecba530f30052bf7a552f09003bb76118c639bf915943cc52084e0842c07e3141b8074325c304809577b0ea7ee223dc989d332b2e6c3c2a6b9364b84cb9363

  • SSDEEP

    49152:l20vOIil7GG5uZNrxetUipqnYASSvC01EM/hWerqgOrcamGV:l20vOIi74ZNrxiUi1ASSvCEE2hZ+TrrX

Malware Config

Targets

    • Target

      AWTGNSSY.exe

    • Size

      2.0MB

    • MD5

      b448235af9e57740bcf0b18c67d94c43

    • SHA1

      8c785265a6849205961c260bcdc2c9deba2c15ab

    • SHA256

      33976e294eccc63d521291030def7b7c6dd792967ca77593c83ab29e9a6e83d9

    • SHA512

      d94b7ce617032ed61e437385f6d7d76534df8510a1eb751956ca73896ea872de5cc9b12d2b1cfda032364b15684b8c93edebb072ca39ae0975bacf72a00cfa04

    • SSDEEP

      49152:abMvuHZl7qm5bZprxQZgdpnzRA6cvaQp1Ev/0WlusqwcaPw:DvuHX71Zprx+gdLA6cvaqE302uTwrPw

    Score
    8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
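The UPX signature above keys on static artefacts that the packer leaves in the PE header. As an added example (not the sandbox's own rule, and not derived from this sample), the following Python parses a PE section table and applies the usual heuristics: UPX0/UPX1 section names, the "UPX!" pack-header magic in the slack after the section table, a first section with no raw data but a large RWX virtual range (the unpack destination), and a high-entropy executable section (the compressed image). The test images are constructed minimal PE32 files built by `build_pe`; their section names, flags and layout follow stock UPX output, while the "renamed" case only scrubs the names, which is what the "modified UPX" wording in the signature refers to.

```python
"""Static UPX check over a PE section table. Added example, not the sandbox's rule."""
import math
import random
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER (40 bytes)


def shannon_entropy(buf):
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def parse_sections(data):
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table.
    Returns (offset just past the section table, list of section tuples)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]   # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_HDR, data, table + 40 * i)
        # (Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
        sections.append((f[0].rstrip(b"\0").decode("latin-1"), f[1], f[2], f[3], f[4], f[9]))
    return table + 40 * nsec, sections


def detect_upx(data):
    table_end, sections = parse_sections(data)
    names = [s[0] for s in sections]
    hits = []
    if any(n.upper().lstrip(".").startswith("UPX") for n in names):
        hits.append("upx-section-names")
    # Stock UPX leaves its pack header ("UPX!" magic) between the section table and the first raw section.
    first_raw = min([s[4] for s in sections if s[3]] or [len(data)])
    if b"UPX!" in data[table_end:first_raw]:
        hits.append("upx-marker")
    # Layout: first section has SizeOfRawData 0 but a large RWX range; the stub decompresses into it.
    if sections:
        _, vsize, _, rsize, _, chars = sections[0]
        if rsize == 0 and vsize >= 0x1000 and chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            hits.append("empty-rwx-first-section")
    # The compressed payload is an executable section of near-random bytes.
    for name, _, _, rsize, rptr, chars in sections:
        if rsize and chars & IMAGE_SCN_MEM_EXECUTE and shannon_entropy(data[rptr:rptr + rsize]) > 7.0:
            hits.append("high-entropy-code:" + name)
            break
    # Names/marker are decisive but a "modified UPX" build renames them away; layout + entropy survives that.
    packed = bool({"upx-section-names", "upx-marker"} & set(hits)) or (
        "empty-rwx-first-section" in hits and any(h.startswith("high-entropy") for h in hits))
    return {"sections": names, "indicators": hits, "upx_packed": packed}


def build_pe(sections, slack=b""):
    """Constructed minimal PE32 for testing: DOS header, PE sig, COFF header, zeroed
    optional header, section table, `slack`, then raw data. sections = (name, vsize, raw, chars)."""
    pe_off, opt_size = 0x80, 0xE0
    table = pe_off + 24 + opt_size
    hdr_end = table + 40 * len(sections) + len(slack)
    raw_ptr = (hdr_end + 0x1FF) & ~0x1FF
    img = bytearray(raw_ptr)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, pe_off)
    img[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<HH", img, pe_off + 4, 0x14C, len(sections))  # Machine=i386, NumberOfSections
    struct.pack_into("<H", img, pe_off + 20, opt_size)
    img[hdr_end - len(slack):hdr_end] = slack
    body, vaddr = bytearray(), 0x1000
    for i, (name, vsize, raw, chars) in enumerate(sections):
        ptr = raw_ptr + len(body) if raw else 0
        struct.pack_into(SECTION_HDR, img, table + 40 * i, name, vsize, vaddr, len(raw), ptr, 0, 0, 0, 0, chars)
        body += raw
        vaddr += (vsize + 0xFFF) & ~0xFFF
    return bytes(img + body)


PAYLOAD = random.Random(2022).randbytes(0x1000)  # stands in for compressed code (constructed)
UPX_SAMPLE = build_pe([(b"UPX0", 0x20000, b"", 0xE0000080),       # uninitialised RWX destination
                       (b"UPX1", 0x2000, PAYLOAD, 0xE0000040),    # stub + compressed image
                       (b".rsrc", 0x1000, b"\0" * 0x200, 0xC0000040)], slack=b"UPX!")
RENAMED_UPX = build_pe([(b".code0", 0x20000, b"", 0xE0000080),    # same layout, names scrubbed
                        (b".code1", 0x2000, PAYLOAD, 0xE0000040)])
PLAIN_PE = build_pe([(b".text", 0x1000, b"\x90" * 0x3FF + b"\xC3", 0x60000020),
                     (b".data", 0x1000, b"\0" * 0x200, 0xC0000040)])

if __name__ == "__main__":
    for label, img in [("stock UPX", UPX_SAMPLE), ("renamed UPX", RENAMED_UPX), ("plain", PLAIN_PE)]:
        print(label, detect_upx(img))
```

Run against a real file with `detect_upx(open(path, "rb").read())`. The entropy threshold of 7.0 is a heuristic: a large .rsrc holding compressed images can also score high, which is why the verdict requires the empty RWX first section as well when the names and marker are absent.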

    • Target

      IVEKWU~1.EXE

    • Size

      215KB

    • MD5

      6640048b02085e7869177319d2ac0972

    • SHA1

      1a2f95888df37643fd7b5628e3b6a76aae8e2153

    • SHA256

      b3bd6df999a1c6d5fa960c1fc129576226bb559038d7a15a1f787728a3812bf5

    • SHA512

      f2360f628eebe0fb3bd8664819605746ee08406f1898da6608d9322386fa2f3af1a22dcc76ff70694b37b1a4f09cef66c7ee77914f836faf21e4fccdac19c8c8

    • SSDEEP

      3072:7xNsB6jNa6kfaVSl5CNyaJ88fazVFotdY8/KgpQCjtCRbhmU7+IHh2yB6UkAORJr:7fq4HkfabeHaGspBRCRwU7+oxBAAo

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLLs that Internet Explorer loads in-process as plugins. They are registered by CLSID under the Browser Helper Objects key in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer, which gives malware both persistence and a hook into every browsing session.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
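Two of the behaviours flagged for the second target, "Adds Run key to start application" and "Installs/modifies Browser Helper Object", are registry writes that a host sensor records. As an added example (not part of the report and not the sandbox's rule), the following Python runs detection logic over Sysmon Event ID 13 (RegistryEvent: Value Set) records: it matches Run/RunOnce value writes under HKLM or any HKU hive, matches BHO registrations by CLSID, and correlates each BHO with the InprocServer32 write that names the DLL, whichever order the two writes arrive in. The sample events are constructed; the key paths are the standard Windows locations, while the process name, value name, CLSID and file paths are made up. "Checks installed software on the system" is a read of the Uninstall key, which Sysmon does not log, so it is not covered here.

```python
"""Run-key and BHO persistence detection over Sysmon Event ID 13 (RegistryEvent: Value Set)
records. Added example; the events below are constructed, not taken from the report."""
import re

ROOT = r"^(HKLM|HKU\\[^\\]+)\\Software\\(Wow6432Node\\)?"
RUN_KEY_RE = re.compile(
    ROOT + r"Microsoft\\Windows\\CurrentVersion\\"
    r"(Run|RunOnce|RunServices|RunServicesOnce|Policies\\Explorer\\Run)\\(?P<value>[^\\]+)$", re.I)
BHO_KEY_RE = re.compile(
    ROOT + r"Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\"
    r"(?P<clsid>\{[0-9A-F-]{36}\})", re.I)
CLSID_SERVER_RE = re.compile(
    ROOT + r"Classes\\(Wow6432Node\\)?CLSID\\(?P<clsid>\{[0-9A-F-]{36}\})\\InprocServer32\\\(Default\)$", re.I)

# Constructed Sysmon-style events. Key paths are the real Windows locations; everything else is made up.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1000-2000-3000-1001\Software\Microsoft\Windows\CurrentVersion\Run\SystemUpdate",
     "Details": r"C:\Users\alice\AppData\Roaming\SystemUpdate\svc.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\CLSID\{0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0}\InprocServer32\(Default)",
     "Details": r"C:\ProgramData\IEHelper\iehelper.dll"},
    {"EventID": 12, "Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",   # key created, not a value set
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0}"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0}\NoExplorer",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",                # benign noise
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start", "Details": "DWORD (0x00000003)"},
]


def detect_persistence(events):
    """Return one alert per Run-key value written and one per BHO CLSID registered,
    resolving the BHO's DLL from the matching InprocServer32 write when one is present."""
    servers, bho_seen, alerts = {}, {}, []
    for ev in events:
        if ev.get("EventID") != 13:          # only value writes carry the payload path
            continue
        target = ev["TargetObject"]
        m = CLSID_SERVER_RE.match(target)
        if m:
            servers[m["clsid"].upper()] = ev.get("Details", "")
            continue
        m = RUN_KEY_RE.match(target)
        if m:
            alerts.append({"technique": "run-key", "value": m["value"], "command": ev.get("Details", ""),
                           "image": ev["Image"], "key": target})
            continue
        m = BHO_KEY_RE.match(target)
        if m:
            bho_seen.setdefault(m["clsid"].upper(), ev)   # several values per BHO key: one alert
    # Second pass: the InprocServer32 write may come before or after the BHO key write.
    for clsid, ev in bho_seen.items():
        alerts.append({"technique": "bho", "clsid": clsid, "dll": servers.get(clsid, "<InprocServer32 not seen>"),
                       "image": ev["Image"], "key": ev["TargetObject"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_persistence(SAMPLE_EVENTS):
        print(alert)
```

The BHO correlation matters for triage: the BHO key itself only holds a CLSID, and the DLL that IE will load is named by the CLSID's InprocServer32 default value, so an alert that carries the DLL path can be checked against the dropped files listed in a report like this one.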

MITRE ATT&CK Enterprise v6
