97c5a2a43d3d301f94d6226e60e12b08f04ce416ba2d1b93fa98b26fa9783e12

Resubmissions

26/12/2022, 02:17

221226-cq1taafe7t 8

26/12/2022, 01:37

221226-b16lvafe6s 8

26/12/2022, 01:34

221226-by65lacd25 8

25/12/2022, 04:48

221225-fff8nsbb39 10

Sharing

Copy URL

Twitter E-mail

General

Target

97c5a2a43d3d301f94d6226e60e12b08f04ce416ba2d1b93fa98b26fa9783e12
Size

1.6MB
Sample

221225-fff8nsbb39
MD5

5015b3096f5bf7039c82684c2d88bf2c
SHA1

24aada32e2ac068d737866b6561e64a20f10f65e
SHA256

97c5a2a43d3d301f94d6226e60e12b08f04ce416ba2d1b93fa98b26fa9783e12
SHA512

808031a37f169702a6e495bbd7597a8a2dd6c7e0d9690d35b4b822aff59987db5674bea0a2da042343313463860f8ef987276a8f92fc670b541e091c99f5045b
SSDEEP

49152:g2LdRphDBhCTGFMWDumigm0pCiO5BAD70TfhxWYAhiISV:g2JRphjZM2UCGrIm

Score

10^/10

Malware Config

Targets

- Target
  
  97c5a2a43d3d301f94d6226e60e12b08f04ce416ba2d1b93fa98b26fa9783e12
- Size
  
  1.6MB
- MD5
  
  5015b3096f5bf7039c82684c2d88bf2c
- SHA1
  
  24aada32e2ac068d737866b6561e64a20f10f65e
- SHA256
  
  97c5a2a43d3d301f94d6226e60e12b08f04ce416ba2d1b93fa98b26fa9783e12
- SHA512
  
  808031a37f169702a6e495bbd7597a8a2dd6c7e0d9690d35b4b822aff59987db5674bea0a2da042343313463860f8ef987276a8f92fc670b541e091c99f5045b
- SSDEEP
  
  49152:g2LdRphDBhCTGFMWDumigm0pCiO5BAD70TfhxWYAhiISV:g2JRphjZM2UCGrIm
Score

10^/10

upx evasion trojan
- UAC bypass
  evasion trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

UAC bypass

Executes dropped EXE

UPX packed file

Loads dropped DLL

Drops desktop.ini file(s)

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2