33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

winprofile

windows7-x64

9

winprofile

windows10-1703-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0
Size

3.4MB
Sample

230317-17c1jscc4s
MD5

41b8532d997713259f828693c247e2f6
SHA1

91ad435234c77841bdd2df3879752e4d0340d093
SHA256

33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0
SHA512

65a50595b57de8a6b79796ed4bfed86abfb6dabf84f830e25a4e40cf3c7f4ab663bfd079b7665a671b0594b9b17ec5d5a2bbd3367cd8f317887b00c1d63c8050
SSDEEP

98304:7aD2xzt49ndR/hqOAX7Jhh15VRN6UnNOzF7:vt4rqN19ne

Score

9^/10

discovery evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe

Resource

win7-20230220-en

discovery evasion trojan upx

windows7-x64

11 signatures

300 seconds

Behavioral task

behavioral2

Sample

33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe

Resource

win10-20230220-en

discovery evasion trojan upx

windows10-1703-x64

10 signatures

300 seconds

Malware Config

Targets

- Target
  
  33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0
- Size
  
  3.4MB
- MD5
  
  41b8532d997713259f828693c247e2f6
- SHA1
  
  91ad435234c77841bdd2df3879752e4d0340d093
- SHA256
  
  33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0
- SHA512
  
  65a50595b57de8a6b79796ed4bfed86abfb6dabf84f830e25a4e40cf3c7f4ab663bfd079b7665a671b0594b9b17ec5d5a2bbd3367cd8f317887b00c1d63c8050
- SSDEEP
  
  98304:7aD2xzt49ndR/hqOAX7Jhh15VRN6UnNOzF7:vt4rqN19ne
Score

9^/10

discovery evasion trojan upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasiontrojanupx

behavioral2

discoveryevasiontrojanupx

© 2018-2025

Terms | Privacy