General

  • Target

    Mu America Lite Client.exe

  • Size

    447.8MB

  • Sample

    230115-cayc8age79

  • MD5

    e81d63164047b2ed6746c67d4ad95264

  • SHA1

    6d698d2380b0f18fdfc9f6607e2c588414881a84

  • SHA256

    78e81a3a9b8b96871b6ecb2cd1a617ae46f0f56afe6a910587f8d10925c120a4

  • SHA512

    acc4d90587811759afc10aeb163082e5525c702ca11ee2965d0e49d24f90d02af82feeb0afd9786371f5c0bfe5004c8c0cf1bf815487bf5458d163caddc7e0e4

  • SSDEEP

    12582912:bZlBYdZdtMf+SoMl9mS+Xn9YDwdV9QTnhwPKTczOyy:VIdM+Soo9mS+X9YDwJQ7SiTcW

Malware Config

Targets

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks