de033cf7fa0281ec9fc8588a561ddcd115003616ad3a9392c83bb9e8e129678e | Triage

Resubmissions

22/04/2023, 22:54

230422-2vkqashc35 8

22/04/2023, 22:35

230422-2hzcxshb49 8

Sharing

General

Target

Windows_Loader.zip
Size

1.7MB
Sample

230422-2hzcxshb49
MD5

e2783d4ba8091a750d03c6d067ecdbba
SHA1

4d93e88569919d1a6ec07aed81a3d731b9b8d603
SHA256

de033cf7fa0281ec9fc8588a561ddcd115003616ad3a9392c83bb9e8e129678e
SHA512

527b98d08626de40c41af1dafb611af85e74a1ffb19539460010bb204be20d9abfe3f8600cc22a6d669b720febed69105eba61b05c26347f47fa422f6b70f115
SSDEEP

24576:VXIXnm7placo6SiG+PHdxo53V9tkKToNWLBiUxY28VzVX33oq6cOPuGMVcrNsb3n:5IXIm+xopggBYbVXoynTVkszX3

Score

8^/10

discovery exploit upx

Malware Config

Targets

- Target
  
  Windows_Loader/Keys.ini
- Size
  
  15KB
- MD5
  
  3ba4950bcf43b1c7b714a1d93b57ea86
- SHA1
  
  31e7963d19a5e7282d1b6e7476b8923ab26cb8a0
- SHA256
  
  1384c5fd758a1bd8c9372594503e22d71b0877d332886a1b7d50cb86c4a0a13c
- SHA512
  
  2165e5047334940b77c93bbe4b2eaae1fe924069a9f946f39dd0f5533c0e161a7322e63de378194b96294d33c494240209dd1f6f32dd45c580cb0c058dd93148
- SSDEEP
  
  384:WskcEQbtTPQ7xa3VUEV/HwRGjyfdW6fnxZbQr:Ws2QJw+hPz+flbQr
Score

8^/10

discovery exploit upx
- Possible privilege escalation attempt
  exploit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  Windows_Loader/Read me.txt
- Size
  
  32KB
- MD5
  
  3e83d11dcd0d1dc8b6cf531353cf9e81
- SHA1
  
  0853bfd45b91252a7dc10bd34a4aed267ee67e43
- SHA256
  
  b5fcbf4b91c436640aab0e8106f942cd47080bf799a22d747b5cf898bd13475c
- SHA512
  
  18f67001f935021a80b4ee81a9a8ed3b2f9239f8f1d2779114631f90aef4d91d109b15c0722d8cdc13bbc6bac652e361b0835e6a075a3ff55fd4ed7f6f393fcc
- SSDEEP
  
  768:pKymLFrk3yV2pX/htvMGOHkOaf7luCfp3yeIvWVp9h:o5k3yV2pvhtvMGOHkOaf75fp3yeuWVpX
Score

1^/10
behavioral2
- Target
  
  Windows_Loader/Windows Loader.exe
- Size
  
  3.8MB
- MD5
  
  323c0fd51071400b51eedb1be90a8188
- SHA1
  
  0efc35935957c25193bbe9a83ab6caa25a487ada
- SHA256
  
  2f2aba1e074f5f4baa08b524875461889f8f04d4ffc43972ac212e286022ab94
- SHA512
  
  4c501c7135962e2f02b68d6069f2191ddb76f990528dacd209955a44972122718b9598400ba829abab2d4345b4e1a4b93453c8e7ba42080bd492a34cf8443e7e
- SSDEEP
  
  49152:cEYCFEvlmOmTgtFM3uK5m3imrHuiff+puWV355FXw/+zuWV355FXw/+DuWV355FP:cEYzEFTgtFM3ukm3imPnt
Score

7^/10

upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3
- Target
  
  Windows_Loader/checksums.md5
- Size
  
  145B
- MD5
  
  cab45d50be4c1fc788d29593464b1f35
- SHA1
  
  d38b7abee249bc2751dd5373b358f69b895d5a8c
- SHA256
  
  c083f57ac4d8a5eaf9bc934f08204a691fa9e4fd275f90aaadfd195a4eef820f
- SHA512
  
  ee9548867850c018544c2d1cbf512ea759be2fd276113ae89354cdbcae7fd549bf47bbf3ccdbce5ff8a17702dcd36f90b01f512da576fc9528a41e87d2c378f4
Score

3^/10
behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexploitupx

behavioral2

behavioral3

behavioral4