Overview

overview

10

Static

static

10

lab6_sampl...5b.exe

windows7-x64

7

lab6_sampl...5b.exe

windows10-2004-x64

7

Resubmissions

05-07-2023 12:17

230705-pgf4qscb76 10

05-07-2023 12:16

230705-pfyx6acb73 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    lab_case_study_samples.zip

  • Size

    1MB

  • Sample

    230705-pgf4qscb76

  • MD5

    28ae481e49781403c75a1cec101e613a

  • SHA1

    1eb047f9309e917043d7b1644e3b452b65d6fa97

  • SHA256

    d86443a44ce865522f1710be1d779b84b6cf49d04d61d0cbd0ed3e396aea9e02

  • SHA512

    675ebaea3bdc76bf3bf6280f40fa1c8ea39160737fc3d3fd7420eeeac8ecc7adec772d09ef261ce7b0543e25b0c624bcede1468a671453cdb2e330a70dfe8dcb

  • SSDEEP

    24576:HUtyX5bK3fhRCbgWH3RgVAFh/np7V3EC5DGLxJnkX8YMhFTQ8K6a:0IJbK3WkWBgVAF5p7lpiv/M8c

Score
10/10
darkcometpersistenceupx

Malware Config

Targets

    • Target

      lab6_samples/1e3966e77ad1cbf3e3ef76803fbf92300b2b88af39650a1208520e0cdc05645b.exe

    • Size

      766KB

    • MD5

      405dba47e2b03f53db2101444e6a925c

    • SHA1

      ed769ff77f46730a9b58a111c52f9e498ec00838

    • SHA256

      1e3966e77ad1cbf3e3ef76803fbf92300b2b88af39650a1208520e0cdc05645b

    • SHA512

      3628944242f0b9d80204dfddcea4189ee7f703ba4498c6a818c83d570d97477ec1273270fef65e993cb0f6bed2d0c915cd3d68a5b35375e257a3879f4859c869

    • SSDEEP

      12288:Qq9hmQkwvH0pmjqM31df4NIAOCIWL92Tnhz0ehT2LPXvLtJ:TpkwMpm+i1dfcjIw921z0GT2Dvb

    Score
    7/10
    persistenceupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks