General

  • Target

    c870025f693df5311e58f7213b426f7ec204e21255a4737723bf5efe24ff72de

  • Size

    1.6MB

  • Sample

    221206-fga32she34

  • MD5

    61494a835ce331d776c27fc6584930c7

  • SHA1

    b8c85f0cfb217441608e7019f193579e03047082

  • SHA256

    c870025f693df5311e58f7213b426f7ec204e21255a4737723bf5efe24ff72de

  • SHA512

    c605862f9b9264d7333b75091f1f7495459680139f0e44a6db3826ac51091cea83f5a051513c979219029ae694cab073231fea4d3adfed31000dbb7e6a3cd902

  • SSDEEP

    49152:O2Jd3BBHWSCVaUMmKaEahivTVLW2Rx0fC+jeE6N:O2j3BzCVVFKa+7I5fC+S7N

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • UAC bypass

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops startup file

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks