General

  • Target

    malz4.zip

  • Size

    2.7MB

  • Sample

    230327-lnrbhaeg9v

  • MD5

    1dfbb4ac59c9f8cbf42cc90264705b5d

  • SHA1

    be978ce4165952d97b394d2f5085738613e1858d

  • SHA256

    0549c7fd709a5090661a3a61e4ebd0e22c6f50defcf6304c6792676480ad4728

  • SHA512

    a58e45ac2fbce88fac479d29950fc6d4633cedbbbe8e655ef14ea121775c038bd861e27921b0dafb70afe800b37a26e973b638bd20f1dd8556b302762baddd86

  • SSDEEP

    49152:UMH6oS2Qxo2YiUXs46l+/+EkDzPFotnxgul92aZcJJCN6VLlGt7XvEPEp:UMtQxo2XET6pzPFOnnC9JgMLlGt7Xtp
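Before acting on anything in this report, confirm that the file on disk is the one it describes. The check below is an added example, not part of the sandbox report or of any sandbox product: it copies the MD5/SHA-1/SHA-256/SHA-512 values listed above for malz4.zip into a small manifest, recomputes the listed digests locally and reports a per-algorithm match. The same dict shape takes the per-target entries from the rest of this report. SSDEEP is not compared because it needs a third-party library and, being a similarity hash, is not an identity check. The function and variable names are this example's own.

```python
"""Verify a local file against the digests a sandbox report lists for it.

Added example, not part of the sandbox report. REPORT_MANIFEST copies the
MD5/SHA-1/SHA-256/SHA-512 values the report gives for malz4.zip; any
other target from the report can be added in the same shape. A single
mismatch (re-packed archive, truncated download, a different member of
the same family) shows up before further analysis is based on the
report's findings.
"""
import hashlib
import sys
from pathlib import Path

# Copied from the report's "General" section (hex, lowercase).
REPORT_MANIFEST = {
    "malz4.zip": {
        "md5": "1dfbb4ac59c9f8cbf42cc90264705b5d",
        "sha1": "be978ce4165952d97b394d2f5085738613e1858d",
        "sha256": "0549c7fd709a5090661a3a61e4ebd0e22c6f50defcf6304c6792676480ad4728",
        "sha512": "a58e45ac2fbce88fac479d29950fc6d4633cedbbbe8e655ef14ea121775c038bd"
                  "861e27921b0dafb70afe800b37a26e973b638bd20f1dd8556b302762baddd86",
    },
}

DEFAULT_ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_digests(data: bytes, algorithms=DEFAULT_ALGORITHMS) -> dict:
    """Hex digests of an in-memory buffer for each named hashlib algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def check_against_manifest(name: str, data: bytes, manifest=REPORT_MANIFEST) -> dict:
    """Per-algorithm match results for `data` against manifest[name].

    Only the algorithms present in the manifest entry are computed, and the
    comparison is case-insensitive so pasted uppercase hex still works.
    Raises KeyError if the manifest does not list a target by that name.
    """
    expected = manifest[name]
    actual = compute_digests(data, algorithms=tuple(expected))
    return {algo: actual[algo] == expected[algo].lower() for algo in expected}


def is_report_sample(name: str, data: bytes, manifest=REPORT_MANIFEST) -> bool:
    """True only if every digest the manifest lists for `name` matches."""
    return all(check_against_manifest(name, data, manifest).values())


if __name__ == "__main__":
    # usage: python verify_sample.py malz4.zip   (file name must be a manifest key)
    path = Path(sys.argv[1])
    results = check_against_manifest(path.name, path.read_bytes())
    for algo, ok in results.items():
        print(f"{algo:6} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if all(results.values()) else 1)
```

A partial match (say MD5 and SHA-1 agree but SHA-256 does not) should be treated as a mismatch, never as "close enough": the function returns every algorithm's result so that such a discrepancy is visible rather than collapsed into one boolean.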

Malware Config

Targets

    • Target

      1_1.exe

    • Size

      63KB

    • MD5

      7e9c5a2e10f7d966717f4e2b8aedfcd2

    • SHA1

      a7a576dd188fbfcdf749d106ec8d73234668c785

    • SHA256

      08716d33225c9d60c5c5bfeaab298f5e1691465879372c7c25859a87754835d0

    • SHA512

      e6a7e5090977b41f68cf5efa35964ef67c2c1dce5e83590d055e82fb19321f50371194152bf3ad946a7d3212caa143675b286c2129317db873b376454f5d053e

    • SSDEEP

      1536:TM9340XLdiG1WXwg5j01W+2sJTJzigOBZnO9:TM93rXLUG8XwuCJ+lBZO

    • UAC bypass

    • Windows security bypass

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or with a modified UPX build.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Target

      25000.exe

    • Size

      1.3MB

    • MD5

      4386706f14a77b47736e5e487e515861

    • SHA1

      4c7feb1c9f69a9fb4bd2b3cf7041fd7e840bf7a6

    • SHA256

      e0dd242ccbf9b60c4c801534e43478e6acd4d691f3330528326bc3470aaac7bd

    • SHA512

      efb8027cc07237beb926b5dca09d524a0658ff0b4633f866bbe1410af57a5e9383fa54f3b1ec4adc13edfd446630686fbebeb14ebf0099d9357ca9c8ba0937aa

    • SSDEEP

      24576:0pC8mUD6c7FFRIqZerzVhSpgyCGbkW9poKaVXDcq9:h8N7FFOSK+YWpbaRDv

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger (NtSetInformationThread called with the ThreadHideFromDebugger information class, an anti-debugging technique that makes the thread invisible to an attached debugger)

    • Target

      3.exe

    • Size

      107KB

    • MD5

      79e9fd6ac556f3c6cf2658ddaa4640cb

    • SHA1

      c80c25718a14e09bb5f43417f51b0d8b2258ed8d

    • SHA256

      17efb3fc81c57c384b4e1fd4e6c83525271fbd7b3c3af2647287b93eb83b7651

    • SHA512

      73ff5d06f129d48a9bb026834031d6ea4932afee5d14d18b9603d5744baa10392e637b81c2f172035fb277be832d907a67ad48ebf3f6b30429afd56debf5043a

    • SSDEEP

      3072:TGwIcQX/RqXB2MiHpQYVFTFlemiU3EaqRsJjm:KwIDcXBlyqYFOUA2C

    • Target

      311.exe

    • Size

      560KB

    • MD5

      f77f8f2151012a32813ed0181c205882

    • SHA1

      6d652b36b38fc352060050f2608975749aae32b5

    • SHA256

      dbd4052fc52d018d93db9ace8d02f3642320305677e070516fdcbf7effa34d82

    • SHA512

      feec9974d0f5f3dc927d22b075d3dc7a3f7d33ef24d111be7d428a287dc3d604f14714a81144eb8ade7677d68a79c474083c2838e2c7735132dafdf4face5581

    • SSDEEP

      12288:vElAhHtn1bvzSP6iTn1UserksHkU5KrVclb6ajydnl:vEShHLvmP6+19egRG10nl

    Score
    7/10
    • Executes dropped EXE

    • Target

      711.exe

    • Size

      560KB

    • MD5

      0dd35f87b7bd22843ba334c1eb57fba2

    • SHA1

      a6559c856f32fa4f9a75b94eef60277e98b4c1c4

    • SHA256

      aee72b6f41fe5d09e93b7c7f5a04433b67c48b2eb07b00c1160d490b283cbcf0

    • SHA512

      7e98f4c99f3ed7dded534f701d5101543ee782fe1b55b47f8ddf8d12cbb426ab903a67cf76b75e6ae14abfcca6cd37dec5effa51de4ef011ab68055dbc1e829f

    • SSDEEP

      12288:vglAhHtn1bvzSP6iTn1UserksHkU5KrVclb6ajydnln:vgShHLvmP6+19egRG10nln

    Score
    7/10
    • Executes dropped EXE

    • Target

      TSmm

    • Size

      1.5MB

    • MD5

      0789a361636579ac9d0e44c9962bb7bd

    • SHA1

      29bd3604bca7cba866f83cba10bc37af97654bb3

    • SHA256

      01c13263c1fe49129c3bf94b38cbee2a2437fafc562e23dfb2bfbeb30eb21720

    • SHA512

      a81feef629650d7079f3b1907959eff8e6c724e9c44bcbec4af1b2ce6dfd24ba6ba1d3b3316db320f637eb32b5cb9814c7c0ec0139192111fd1c7424ec6ad231

    • SSDEEP

      24576:hNJp/2SkgT4KUAopmhDO2Aan9XgnU6tZAf4Nzbm6g+qF2SdYOrhGF+bL+cH8y6LL:hNvOx/Vp/2bn9XgnNtmf28rhybccIwhL

    Score
    1/10
    • Target

      se.exe

    • Size

      96KB

    • MD5

      b7b347f1aebf2ef10369faf14e0bb2fb

    • SHA1

      258e9a1ec916d66b510849192fba6c05fdcdaec7

    • SHA256

      589b185221797c8dc67bc586f8c2e3c463a06771e53744afa082c04be7fe5763

    • SHA512

      4baa49881edb3dea09d6ba8a71cbbcfc597a94657ef2265a5bffb38d2d481579e4215c5674360d490bd3a2913017b606c7e14564db64f645d910e809271b44d3

    • SSDEEP

      1536:GRtxXnig5/VUJyWryEXe8T1g6hypxc/lkJ5jj1fV8cGDmtY:GhN5/VmbTC6hyQ/OJRj1V8cGCtY

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE
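The "UPX packed file" signature on 1_1.exe is the kind of static check you can reproduce yourself before running a sample. The code below is an added example, not the sandbox's signature and not code from this report: it parses just enough of the PE header (DOS header, e_lfanew, COFF header, section table) to look for the three cheap UPX signals a packer rule usually keys on, namely the UPX0/UPX1/UPX2 section names, the "UPX!" marker stock UPX writes, and the empty first section that UPX leaves as a placeholder for the unpacked image. The last signal is what survives when a "modified UPX" has renamed its sections and stripped the marker. `build_fake_pe` constructs a synthetic PE layout (not a runnable binary) purely as test input; all names here are this example's own.

```python
"""Static UPX-marker check for PE files (added example, standard library only).

pe_sections() is a deliberately minimal section-table parser; it returns []
for anything that is not a PE, so "no sections" doubles as "not PE".
"""
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"  # stock UPX stores this in its own header block


def pe_sections(data: bytes) -> list:
    """Return [{'name', 'virtual_size', 'raw_size'}, ...] for each section header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break  # truncated table: keep what we have
        name = data[off:off + 8].split(b"\0", 1)[0].decode("ascii", "replace")
        vsize, _vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        sections.append({"name": name, "virtual_size": vsize, "raw_size": rawsize})
    return sections


def upx_indicators(data: bytes) -> dict:
    """Collect the individual signals so a triage note can say *why* it fired."""
    secs = pe_sections(data)
    first = secs[0] if secs else None
    return {
        "upx_section_names": [s["name"] for s in secs if s["name"] in UPX_SECTION_NAMES],
        "upx_magic": UPX_MAGIC in data,
        # UPX's first section has no bytes on disk but a large virtual size:
        # it is the hole the stub unpacks into.
        "empty_first_section": bool(first and first["raw_size"] == 0 and first["virtual_size"] > 0),
    }


def packing_verdict(data: bytes) -> str:
    """'upx' on hard markers, 'possibly-packed' on layout alone, else 'no-upx-markers'."""
    ind = upx_indicators(data)
    if ind["upx_section_names"] or ind["upx_magic"]:
        return "upx"
    if ind["empty_first_section"]:
        # Renamed/stripped UPX looks like this, but so can an unusual linker
        # layout; confirm with section entropy or by trying `upx -d`.
        return "possibly-packed"
    return "no-upx-markers"


def build_fake_pe(sections, tail: bytes = b"") -> bytes:
    """Constructed test input: a minimal PE *layout* (never a runnable binary).

    `sections` is a list of (name, virtual_size, raw_size) tuples; `tail` lets
    a caller append the UPX magic to imitate a stock-UPX file.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, timestamps/symbols zero, no optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table = b"".join(
        name.encode().ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", vsize, 0x1000, rawsize, 0, 0, 0, 0, 0, 0)
        for name, vsize, rawsize in sections
    )
    return dos + b"PE\0\0" + coff + table + tail


if __name__ == "__main__":
    stock = build_fake_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7000), (".rsrc", 0x1000, 0x200)], tail=UPX_MAGIC)
    renamed = build_fake_pe([(".text", 0x20000, 0), (".data", 0x8000, 0x7000)])
    plain = build_fake_pe([(".text", 0x3000, 0x3000), (".data", 0x500, 0x200)])
    for label, blob in (("stock UPX", stock), ("renamed UPX", renamed), ("plain", plain)):
        print(f"{label:12} {packing_verdict(blob):18} {upx_indicators(blob)}")
```

Treat "possibly-packed" as a prompt for the next step (section entropy, or simply running `upx -d` on a copy), not as a verdict: the layout hint alone is also produced by benign binaries with a BSS-only first section.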

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                            ID      Count
  Persistence           Registry Run Keys / Startup Folder   T1060   2
  Privilege Escalation  Bypass User Account Control          T1088   2
  Defense Evasion       Bypass User Account Control          T1088   2
  Defense Evasion       Disabling Security Tools             T1089   6
  Defense Evasion       Modify Registry                      T1112   10
  Discovery             System Information Discovery         T1082   5
  Discovery             Query Registry                       T1012   3

  The IDs above are ATT&CK v6 identifiers, as the report states. In current
  ATT&CK, T1060 has become T1547.001 (Registry Run Keys / Startup Folder),
  T1088 has become T1548.002 (Bypass User Account Control) and T1089 has
  become T1562.001 (Disable or Modify Tools); T1112, T1082 and T1012 are
  unchanged. Translate before pivoting into a detection rule set that uses
  the newer numbering.
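The tallies in the matrix come from sandbox signatures such as "Adds Run key to start application", "Checks whether UAC is enabled" and "Windows security modification" being mapped onto techniques. The code below is an added example, not the sandbox's own rules and not derived from this report's event data: it runs a small set of registry-event rules over constructed monitoring lines and produces a per-technique count in the same shape as the matrix. The event format (pipe-separated operation, pid, image, key, value, data), the process name sample.exe and the rule-to-technique mapping are this example's own assumptions; the mapping is one reasonable reading of the signature names against the v6 IDs the report uses, not a statement of how the sandbox assigns them.

```python
"""Map registry-monitor events to ATT&CK (v6) techniques (added example).

SAMPLE_EVENTS is constructed to resemble registry monitoring output; it is
not taken from the report. Each rule is (technique id, name, predicate).
"""
import re
from collections import Counter

# Constructed sample events: op|pid|image|key|value|data
SAMPLE_EVENTS = r"""
RegSetValue|1234|sample.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Updater|C:\Users\Public\upd.exe
RegQueryValue|1234|sample.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA|
RegSetValue|1234|sample.exe|HKLM\SOFTWARE\Policies\Microsoft\Windows Defender|DisableAntiSpyware|1
RegSetValue|1234|sample.exe|HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection|DisableRealtimeMonitoring|1
RegSetValue|1234|sample.exe|HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\Public|0
RegQueryValue|1234|sample.exe|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion|ProductName|
RegSetValue|1234|sample.exe|HKCU\Software\Classes\ms-settings\shell\open\command|DelegateExecute|
RegSetValue|1234|sample.exe|HKCU\Software\Sample|Installed|1
"""


def parse_event(line: str) -> dict:
    """Split one pipe-separated event; missing trailing fields become ''."""
    parts = (line.split("|", 5) + [""] * 6)[:6]
    op, pid, image, key, value, data = parts
    return {"op": op, "pid": int(pid), "image": image, "key": key, "value": value, "data": data}


def _key(ev, pattern):
    return re.search(pattern, ev["key"], re.I) is not None


def _value(ev, pattern):
    return re.search(pattern, ev["value"], re.I) is not None


RULES = [
    # "Adds Run key to start application"
    ("T1060", "Registry Run Keys / Startup Folder",
     lambda ev: ev["op"] == "RegSetValue" and _key(ev, r"\\CurrentVersion\\Run(Once)?$")),
    # Hijack of the ms-settings handler that auto-elevating binaries consult
    ("T1088", "Bypass User Account Control",
     lambda ev: ev["op"] == "RegSetValue" and _key(ev, r"\\Classes\\ms-settings\\shell\\open\\command$")),
    # "Checks whether UAC is enabled": read of EnableLUA under Policies\System
    ("T1012", "Query Registry",
     lambda ev: ev["op"] == "RegQueryValue" and _key(ev, r"\\Policies\\System$") and _value(ev, r"^EnableLUA$")),
    # "Windows security modification": Defender switches or exclusion paths
    ("T1089", "Disabling Security Tools",
     lambda ev: ev["op"] == "RegSetValue" and _key(ev, r"\\Windows Defender")
     and (_value(ev, r"^Disable") or _key(ev, r"\\Exclusions\\"))),
    ("T1082", "System Information Discovery",
     lambda ev: ev["op"] == "RegQueryValue" and _key(ev, r"\\Windows NT\\CurrentVersion$")),
    # Catch-all: any write counts as Modify Registry in addition to the specific rule
    ("T1112", "Modify Registry",
     lambda ev: ev["op"] in ("RegSetValue", "RegDeleteValue", "RegDeleteKey")),
]


def classify(events):
    """Return (Counter keyed by (id, name), [(event, [matched (id, name)]), ...])."""
    hits = Counter()
    annotated = []
    for ev in events:
        matched = [(tid, name) for tid, name, pred in RULES if pred(ev)]
        hits.update(matched)
        annotated.append((ev, matched))
    return hits, annotated


def technique_tally(text: str) -> dict:
    """Matrix-style {technique id: count} for a block of event lines."""
    events = [parse_event(line) for line in text.splitlines() if line.strip()]
    hits, _ = classify(events)
    return {tid: n for (tid, _name), n in hits.items()}


if __name__ == "__main__":
    hits, annotated = classify([parse_event(l) for l in SAMPLE_EVENTS.splitlines() if l.strip()])
    for ev, matched in annotated:
        print(f"{ev['op']:14} {ev['key']}\\{ev['value']}  ->  {[t for t, _ in matched] or 'no rule'}")
    print()
    for (tid, name), n in sorted(hits.items()):
        print(f"{tid}  {name:36} {n}")
```

Two design points carry over to real rule sets: a write matches both its specific rule and the T1112 catch-all, which is why "Modify Registry" counts in reports of this kind are always the largest; and a rule keyed on the value name alone (here EnableLUA) is deliberately anchored to its parent key, since the same value name under an unrelated key should not count as a UAC check.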

Tasks