8811ba79350e34819cd998a11b5feb1065a305947e71c1cf735c6388a8c5f7ff | Triage

Submit
Reports

Overview

overview

Static

static

1

CS-TG-64-9.msi

windows7-x64

CS-TG-64-9.msi

windows10-1703-x64

CS-TG-64-9.msi

windows10-2004-x64

Sharing

General

Target

CS-TG-64-9.msi
Size

91.0MB
Sample

230828-ehbwasfd85
MD5

4c889869706b752690025b6ee8ac95e2
SHA1

d53a19935ecdc28a7b153f2036ae0a2c5bade940
SHA256

8811ba79350e34819cd998a11b5feb1065a305947e71c1cf735c6388a8c5f7ff
SHA512

faf2c1bcbf9ed08d90092d00112ffb47f21e474c221a4725144b6ca3a3c7de727dfb8ec965651a46efc61e2ca0f93e6fabc1b004c5d1f9ecb0e47e806990007b
SSDEEP

1572864:TCKawy0JEFm4X+8fXIA98xyB2Ywy6+hKstti21u4jaY/5AL+8s234jrXiQnNO2AM:TCKRl18vF8xyBuii21u4u+RrfxATRPdc

Score

10^/10

evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

CS-TG-64-9.msi

Resource

win7-20230712-en

evasion trojan upx

windows7-x64

20 signatures

300 seconds

Behavioral task

behavioral2

Sample

CS-TG-64-9.msi

Resource

win10-20230703-en

evasion trojan upx

windows10-1703-x64

17 signatures

300 seconds

Behavioral task

behavioral3

Sample

CS-TG-64-9.msi

Resource

win10v2004-20230824-en

evasion trojan upx

windows10-2004-x64

17 signatures

300 seconds

Malware Config

Targets

- Target
  
  CS-TG-64-9.msi
- Size
  
  91.0MB
- MD5
  
  4c889869706b752690025b6ee8ac95e2
- SHA1
  
  d53a19935ecdc28a7b153f2036ae0a2c5bade940
- SHA256
  
  8811ba79350e34819cd998a11b5feb1065a305947e71c1cf735c6388a8c5f7ff
- SHA512
  
  faf2c1bcbf9ed08d90092d00112ffb47f21e474c221a4725144b6ca3a3c7de727dfb8ec965651a46efc61e2ca0f93e6fabc1b004c5d1f9ecb0e47e806990007b
- SSDEEP
  
  1572864:TCKawy0JEFm4X+8fXIA98xyB2Ywy6+hKstti21u4jaY/5AL+8s234jrXiQnNO2AM:TCKRl18vF8xyBuii21u4u+RrfxATRPdc
Score

10^/10

evasion trojan upx
- UAC bypass
  evasion trojan
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasiontrojanupx

behavioral2

evasiontrojanupx

behavioral3

evasiontrojanupx

© 2018-2024

Terms | Privacy