f507d0013f1be10cd42f8e091f37614c2b343f042fecf96f4568d54dfe982f84 | Triage

Sharing

General

Target

f507d0013f1be10cd42f8e091f37614c2b343f042fecf96f4568d54dfe982f84
Size

69KB
Sample

221203-wxsk2ade35
MD5

b3918d31c0c0b6bb769456ce6c688be9
SHA1

cfeafc7d741c5d2b14d31e265d23267598e19f05
SHA256

f507d0013f1be10cd42f8e091f37614c2b343f042fecf96f4568d54dfe982f84
SHA512

6a69a3288d0bd45840000f008e5ed3fc64b4b3dd7fba355a54f8fc4449f022df491a6f9cbd84b357cc95fd20270326df72ee5f78822e78f77a4e9b519518be6f
SSDEEP

1536:M/ZbE2kaqTH5asi7SLewNrscr4FzG+zhHs22tr+BuDGN19+I:M/ZbHqN9i7EhKckVZtUR0KO9n

Score

8^/10

upx

Malware Config

Targets

- Target
  
  WIS WLS WAS WTS Private Uber Hack ~ September 3 Update/ConfigUtility.exe
- Size
  
  20KB
- MD5
  
  207a1089bdb07cc9d1fdd66e2ae551a7
- SHA1
  
  be3c68d1f435f3094f53708362fa093c96fe1834
- SHA256
  
  5ca77161686e53956aaffb635d83a766a1b30e119ce20ca076c133d1e949b3df
- SHA512
  
  a84dd75e1871165c2dfad7865fedefe5b2f1f12bbd7e51427a3639e1162fba0db3c95397fface059e80571c88d6b24a3ea9769d7f3e9275e47f61173c224cd1b
- SSDEEP
  
  384:UMnEpLZY33btiaPUcetXdci46cRW64Qzy31/H6Wg0qN643OP83ndXeNF:UtvYHBrasRz4QzyFvM0qN6+O2n10F
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  WIS WLS WAS WTS Private Uber Hack ~ September 3 Update/ConfigUtility.exe.manifest
- Size
  
  383B
- MD5
  
  bb43bc84e7cf20f920e7ede32b07de48
- SHA1
  
  0d06204f49dc1415f352fa2aae9cfb211efb44bb
- SHA256
  
  e5666545187189206ce93f3fe3b60cf34364ec350a2d7f7d8ea02c5042c9b607
- SHA512
  
  4370464040c199288e9702d73c0e53b97f2a243c73016cdda76308c1a3e9b585a08bc32530c2571c6d549d3ced76d7d496be45e96a43c2e521e85baedd416799
Score

1^/10
behavioral3 behavioral4
- Target
  
  WIS WLS WAS WTS Private Uber Hack ~ September 3 Update/Read Me.rtf
- Size
  
  128KB
- MD5
  
  9ef119311eea4952cd189352fbf083fb
- SHA1
  
  dc3d2e860ca33b8cf1e308aebdd9080c4cc90fe1
- SHA256
  
  54b6e33b2e15e51e1c6053f07a953d33a706c6d2aee0aebc75364a9b07c7be27
- SHA512
  
  6740b069c4e1cdd200291e81021f3c53a3627b4c2968bbc4ef2e9200f4771c8be7834a681cb4cd0e4027d8aea256a2b8efa9b0b5f0571c884617288bc4bc366e
- SSDEEP
  
  3072:CT/Qj8QxqZzjspThOUoBGsjC4QFCqtgT/XsVWFKmOKAdTChVRDsfNP5d3w1iwwwB:o/QjgifNIx
Score

4^/10
behavioral5 behavioral6
- Target
  
  WIS WLS WAS WTS Private Uber Hack ~ September 3 Update/UH.dll
- Size
  
  23KB
- MD5
  
  609f7404f8e8c47914c52630bdb65673
- SHA1
  
  a5c52926add26c00ed9895d7491fddff4492fba7
- SHA256
  
  116a91c316fb777e4b46137e32593b12531eb9cb1656e74cfb16e7c8b3dfaad1
- SHA512
  
  0c75c6ed9579a068e69f139fa5d807e57475100c600537ba01e9c8f59c5b0ab994cab9c13e35ee36f292da6a351b576b9ed3e8a290cd216847ec62c4673da427
- SSDEEP
  
  384:GD6e4rZxKMPws2Y3hrPgd6n8Xe+KYEA5HiaPXoHhFBBZ/qSGY6YC2CFRrIUvjdLo:U4rfY/kx+XXe+Kr6H8TBZiYCtIkjdnk3
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8
- Target
  
  WIS WLS WAS WTS Private Uber Hack ~ September 3 Update/UHLoader.flt
- Size
  
  8KB
- MD5
  
  8f8158d80967562fb2d76dfcb5a19188
- SHA1
  
  1a64c72ae6c1c8a7559f604988816dc9ca130da8
- SHA256
  
  6142e17caccb2560d6b2b96772f9afb8cd0761d9d4f635851f09827e102a9280
- SHA512
  
  e6fd6a235883d4919c4de518416ca33fafd21bbcb1548d1661ccbb8d1042c0a38607d66b68704245fcc51ddc6f4f0c034ff25717c860c38662765d41c198f178
- SSDEEP
  
  192:wzKFkm6KLqdjLengc67igENH0iYnN8bFVbld+:FFkm6sqMngEh0n4FxP+
Score

8^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10