General

  • Target: utorrent_installer.exe
  • Size: 1.7MB
  • Sample: 230302-wxxjzsdg4t
  • MD5: b6b16ce1d51baf68aedf62e35e9390c9
  • SHA1: 428efbd8c1a3a92eac36694ef4ed0ba76801342a
  • SHA256: 52dda648edf6eab8fdb5187e2866bb337e73e9025a0e13dced7abe00f899d44e
  • SHA512: 996fac7d5311dd258972df0ed9e392aeefbd9a11bc38614347f296fc62b6164d039c9ae21a9e10dc49019cd8f7bcd6e2d37c89d990de23de146ee90f560bacbb
  • SSDEEP: 24576:S4nXubIQGyxbPV0db26sdGr9Y0kpZZymuz7lnAjEHLcfVLKswfsQ:Sqe3f6b9Ynpryh71SaLcfxOfsQ

Malware Config

Targets

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Contacts a large number (625) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v6

Tasks