Overview

overview

8

Static

static

7

banish.exe

windows7-x64

8

banish.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    恶意样本banish(1).zip

  • Size

    25KB

  • Sample

    230210-dx8yxaaf9t

  • MD5

    e5f2fcd6f0327a18366243c8c657eb8d

  • SHA1

    0d195362be5e95e4c6efc264c8027c0720d344f5

  • SHA256

    bc41395bdf5ab2cf766aa20e660a78e179528f24a726c83e315c8e18fe04fa28

  • SHA512

    08d9fa86753c665554bbf49448055f5fbfa552125aed4526817c1099bbe4eaf4485a05fab80c3a211f84ead9869a36da1f3ebe596feda9aa036aac72fddc64a4

  • SSDEEP

    768:OdYPf4iv2EU6imZnGzDPAhLw6pqDp8WhOEck:cYPfaEWLA/4Dq5Hk

Score
8/10
discoveryexploitupx

Malware Config

Targets

    • Target

      banish.exe

    • Size

      32KB

    • MD5

      4a43ea617017d5de7d93eb2380634eee

    • SHA1

      b0af5aa27cd0e49955f1ab2d18d69f7bc8fd4d21

    • SHA256

      dfa5b7bbc23df9a1402063551c44eede0c9445b930291027830b3af0fbe4a549

    • SHA512

      c241538ccf8feeb115dec39fc5f668675769b2681d96d77bca1f5d826a4841ddbf8ed0f167bdee1ec70d623b7a6382c88a3aa3b85083898a71585ca47796852e

    • SSDEEP

      384:uEXkzu37tf1A3aXFDy7ZdAhqegVBJi/N5ZV6EMRbQaWTjwiewhOY85RGy+fzzFtC:u+euRG38y78h8g6EMRb9WXwiel3Gyyt

    Score
    8/10
    discoveryexploitupx

    • Possible privilege escalation attempt

      exploit

    • Modifies file permissions

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks