5b018d8382e33713eba0b60b394e6f69edc0cd20aee7e384f5004403264d2781 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

eefbc5ec53...b3.exe

windows7-x64

7

eefbc5ec53...b3.exe

windows10-2004-x64

8

Resubmissions

02-08-2023 18:58

230802-xm1pbsad9s 8

02-08-2023 11:37

230802-nq59jsed88 7

Sharing

General

Target

eefbc5ec539282ad47af52c81979edb3.exe
Size

38.3MB
Sample

230802-xm1pbsad9s
MD5

eefbc5ec539282ad47af52c81979edb3
SHA1

aaec03da8855551b2a02e10a1a854773a59d927c
SHA256

5b018d8382e33713eba0b60b394e6f69edc0cd20aee7e384f5004403264d2781
SHA512

8bf362d964736ea6f410689f8035d55985ccb6b2a7dc2dec1d60404dff639ed430cf27629e2f8f8416c38b3a3a86e6b6057faf107c7ac189170f6fca569aac27
SSDEEP

786432:VM8WEOFy2FEFX1aJAH8uvJ8mSehmtFP1VF1ZK3wUKx69gabHrteE1:EFyxwAXCmScuJZTKa69ggHrteE1

Score

8^/10

persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

eefbc5ec539282ad47af52c81979edb3.exe

Resource

win7-20230712-en

windows7-x64

10 signatures

1200 seconds

Behavioral task

behavioral2

Sample

eefbc5ec539282ad47af52c81979edb3.exe

Resource

win10v2004-20230703-en

persistence upx

windows10-2004-x64

22 signatures

1200 seconds

Malware Config

Targets

- Target
  
  eefbc5ec539282ad47af52c81979edb3.exe
- Size
  
  38.3MB
- MD5
  
  eefbc5ec539282ad47af52c81979edb3
- SHA1
  
  aaec03da8855551b2a02e10a1a854773a59d927c
- SHA256
  
  5b018d8382e33713eba0b60b394e6f69edc0cd20aee7e384f5004403264d2781
- SHA512
  
  8bf362d964736ea6f410689f8035d55985ccb6b2a7dc2dec1d60404dff639ed430cf27629e2f8f8416c38b3a3a86e6b6057faf107c7ac189170f6fca569aac27
- SSDEEP
  
  786432:VM8WEOFy2FEFX1aJAH8uvJ8mSehmtFP1VF1ZK3wUKx69gabHrteE1:EFyxwAXCmScuJZTKa69ggHrteE1
Score

8^/10

persistence upx
- Downloads MZ/PE file
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy