efe9ba2c8084472cf4fac4d21480b9cc809c8253ea7c099973cf54c3525d44f5 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

uTorrent P...67.exe

windows7-x64

8

uTorrent P...67.exe

windows10-2004-x64

8

Sharing

General

Target

Torrent Pack 1.2.3.67.zip
Size

15.8MB
Sample

230411-2dtlwafh26
MD5

5abc7e8600549d43d63f9c86ed7f7b28
SHA1

48f98cb5425e073d7b78c3c5012719768a332fda
SHA256

efe9ba2c8084472cf4fac4d21480b9cc809c8253ea7c099973cf54c3525d44f5
SHA512

45db31fa36a274e56d9080c178c6e1ff7657fbe7d1d65d19c40e37e5583f6edd69335be22dcf0d45a0472b54f0eb077ced41cb252dac7ce37a137d47b679cc3e
SSDEEP

393216:WYwzX5AP/Qt3Dgs2xn335M8L24O+Q3qsxuGtI49cH:AWP/u52xHo4ODIGtp9cH

Score

8^/10

discovery evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

uTorrent Pack 1.2.3.67.exe

Resource

win7-20230220-en

discovery evasion persistence upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

uTorrent Pack 1.2.3.67.exe

Resource

win10v2004-20230220-en

discovery evasion persistence upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  uTorrent Pack 1.2.3.67.exe
- Size
  
  15.9MB
- MD5
  
  cbf996e96cd06db811de1d829caf42b7
- SHA1
  
  1b4639c72f029356e1cab75a93156870876a9cb8
- SHA256
  
  33d22276564210fc9f61290d692593d6992c1ce9b0372bddcccb96923cf47bee
- SHA512
  
  0e561599a03aeb6c77a711e6f2e940a8310795b3106a2b5b4fcb8312ba176d503a44caa92f5d73b547d36061dcf3ece178ebb0525dee455e5e002d2ba81ecd50
- SSDEEP
  
  393216:AIBVVYF9Yz1hmYUn9bplkcL08yusPq6BA4XYWHwb:xwF9UpUnDq8yXQ4X1Hwb
Score

8^/10

discovery evasion persistence upx
- Modifies Windows Firewall
  evasion
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceupx

behavioral2

discoveryevasionpersistenceupx

© 2018-2024

Terms | Privacy