1449fce2d52bd0dd8dc422a0c5d17f4ab20af9615e0620d0e0992dca62a27ee9 | Triage

Sharing

General

Target

eh.exe.zip
Size

31KB
Sample

230327-lm3cdaeg8y
MD5

7689f559c24305a2292adf5c7c521e02
SHA1

cba38d7d9f2a6e18aeeb42fd47c6ff99bba281e0
SHA256

1449fce2d52bd0dd8dc422a0c5d17f4ab20af9615e0620d0e0992dca62a27ee9
SHA512

10f97de4026dc26e5873a682dcf63855a019da075b54f52f6e4cc7ae091ff3c1db29cdfadb5cb6adada0c3d49ff345d4bb6c58e2c7aa19b745e1a92335bb7da3
SSDEEP

768:nTUus+B9rCjjVXdF4j4ojmDZUybtJRUZYR:TUu/IjjVtOjVuZxvROYR

Score

10^/10

evasion persistence trojan upx

Malware Config

Targets

- Target
  
  eh.exe
- Size
  
  35KB
- MD5
  
  ea24f9297d11023076d9b10de14d15ec
- SHA1
  
  7a399ba2d7bc9b878d457a98bb34c325fb0ed164
- SHA256
  
  7a17c25be0c3e70aaea4f8987d981ea2042fdea62a13d60c430a0fc58b86db1f
- SHA512
  
  f1c63394a47510cfd396c802c4fc06c5bf3cd83ec27815326e2819b96dbeb19b62ed8ff8984cff07e9e4211a8dcd5c06339cc91ae8dcfa794fb717d302544e13
- SSDEEP
  
  768:g2B3kHsILvVTqUf7oViM9CCF9rnNR3u0+6C1nbcuyD7U8u:PeM9ICpPF9rNoyCnouy8H
Score

10^/10

evasion persistence trojan upx
- UAC bypass
  evasion trojan
- Stops running service(s)
  evasion
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2