Resubmissions

15/03/2023, 23:53

230315-3xrr3aac5t 10

15/03/2023, 23:40

230315-3pahtafh64 8

15/03/2023, 23:22

230315-3cpf7sfh38 8

15/03/2023, 23:13

230315-27lhcsab6v 7

General

  • Target

    Castillo Ilusion.png

  • Size

    18KB

  • Sample

    230315-3xrr3aac5t

  • MD5

    125e4b68057e1add67e180d1521887fc

  • SHA1

    f85f8a4eb31256a3faa6a78ad3c7522c590ff0ff

  • SHA256

    bb03d5caa29fc615064646fcc059bf17f47f15fab4124b65978ad3353c3f937f

  • SHA512

    15de02726190ff66b499300dca72bd9806b28fa2d1fb1c49d759a6f58534459343e6c90f50e47068470b17e079b6f379cc241bb23bb0798e69c4d0cd516c301e

  • SSDEEP

    384:3JXE05rw04CwecdIG2WQ5BYN1vCbCHQC1cyphC23h6yyQa:l35rw0bWdIk4oWCHYw3Na

Malware Config

Targets

    • Target

      Castillo Ilusion.png

    • Size

      18KB

    • MD5

      125e4b68057e1add67e180d1521887fc

    • SHA1

      f85f8a4eb31256a3faa6a78ad3c7522c590ff0ff

    • SHA256

      bb03d5caa29fc615064646fcc059bf17f47f15fab4124b65978ad3353c3f937f

    • SHA512

      15de02726190ff66b499300dca72bd9806b28fa2d1fb1c49d759a6f58534459343e6c90f50e47068470b17e079b6f379cc241bb23bb0798e69c4d0cd516c301e

    • SSDEEP

      384:3JXE05rw04CwecdIG2WQ5BYN1vCbCHQC1cyphC23h6yyQa:l35rw0bWdIk4oWCHYw3Na

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks