Resubmissions

  • 20-07-2024 17:10  240720-vpm5xawbqr  (score 10)
  • 20-07-2024 17:08  240720-vn2xnswbqk  (score 7)
  • 05-10-2023 08:09  231005-j2ethsbe33  (score 10)
  • 05-10-2023 01:40  231005-b3pq4saa24  (score 10)

General

  • Target

    ReasonLabs-EPP-setup.exe

  • Size

    1.9MB

  • Sample

    231005-b3pq4saa24

  • MD5

    7e5c992dce119ed1ec5be91f40637cf3

  • SHA1

    989e7f3b1e0b18e6a3e174dfa8a9a42974e6d0d4

  • SHA256

    ad1a6967d927bf514233371b5ad7bf2b4beed79d517eccf43bab671b2390bafb

  • SHA512

    1f897a8a6f0f0303123b7e8e9e5f4c73ed0a4af268f525931ec8e7a7f34dd5c4b89c20cea80479706469b39d0ca0e3f9627ded73b0f5a2eadf98c238ec3382a7

  • SSDEEP

    49152:1dlGbParmF6IuCiTBQe+MbjC5/7aee7OAru:1dlMpF+CMQeRC5/7+7Ol

Targets

    • Cobalt Strike reflective loader

      Detects the reflective loader used by Cobalt Strike.

    • Cobaltstrike

      Detects a malicious payload that is part of Cobalt Strike.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

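Several of the behaviours flagged above (BIOS lookup, computer location lookup, Uninstall-key enumeration, Run-key persistence) are plain registry operations, so they can be re-detected from process registry telemetry outside the sandbox. The script below is an added example written for this report; it is not code from the sandbox vendor or from the analysed sample. The registry paths it matches are the conventional keys for each behaviour and are assumptions, and the Sysmon-style event lines it runs over are constructed for the example.

```python
"""Flag sandbox-report registry behaviours in process registry telemetry.

Added example for this report (not sandbox or sample code). Registry paths are
the conventional keys for each behaviour and are assumptions; the event lines
are constructed, in a simplified pid|image|operation|path form.
"""
import re
from collections import defaultdict

# Signature name -> (registry operations it applies to, regex over the key path).
# Paths are assumed conventional locations, not values extracted from the sample.
SIGNATURES = {
    "Checks BIOS information in registry": (
        {"QueryValue"},
        re.compile(r"HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\", re.I),
    ),
    "Checks computer location settings": (
        {"QueryValue"},
        re.compile(r"HKCU\\Control Panel\\International\\Geo\\", re.I),
    ),
    "Checks installed software on the system": (
        {"QueryValue", "EnumerateKey"},
        re.compile(
            r"\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
            re.I,
        ),
    ),
    "Adds Run key to start application": (
        {"SetValue"},
        # Trailing backslash keeps RunOnce / RunServices from matching here.
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I),
    ),
}

# Constructed telemetry: the installer (pid 4412) does the environment checks,
# a dropped binary (pid 5120) enumerates software and persists; explorer is noise.
SAMPLE_EVENTS = """\
4412|C:\\Users\\user\\Desktop\\ReasonLabs-EPP-setup.exe|QueryValue|HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer
4412|C:\\Users\\user\\Desktop\\ReasonLabs-EPP-setup.exe|QueryValue|HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName
4412|C:\\Users\\user\\Desktop\\ReasonLabs-EPP-setup.exe|QueryValue|HKCU\\Control Panel\\International\\Geo\\Nation
5120|C:\\Users\\user\\AppData\\Local\\Temp\\svchost.exe|EnumerateKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\
5120|C:\\Users\\user\\AppData\\Local\\Temp\\svchost.exe|SetValue|HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater
1234|C:\\Windows\\explorer.exe|QueryValue|HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden
"""


def parse_event(line):
    """Split one pid|image|operation|path line into a dict."""
    pid, image, op, path = line.split("|", 3)
    return {"pid": int(pid), "image": image, "op": op, "path": path}


def match_signatures(events):
    """Return {pid: {signature_name: [matching key paths]}}.

    An event contributes to a signature only when both the operation type and
    the key path fit, so a read of the Run key is not reported as persistence.
    """
    hits = defaultdict(lambda: defaultdict(list))
    for ev in events:
        for name, (ops, pattern) in SIGNATURES.items():
            if ev["op"] in ops and pattern.search(ev["path"]):
                hits[ev["pid"]][name].append(ev["path"])
    return hits


def triage(text=SAMPLE_EVENTS):
    """Parse telemetry text and return per-process signature hits as plain dicts."""
    events = [parse_event(l) for l in text.splitlines() if l.strip()]
    return {pid: dict(sigs) for pid, sigs in match_signatures(events).items()}


def fired_signatures(text=SAMPLE_EVENTS):
    """Sorted list of every signature name that fired for any process."""
    return sorted({name for sigs in triage(text).values() for name in sigs})


if __name__ == "__main__":
    for pid, sigs in triage().items():
        for name, paths in sigs.items():
            print(f"pid {pid}: {name}")
            for p in paths:
                print(f"    {p}")
```

Keeping hits per process is the useful part: in this report the environment checks and the persistence come from different stages (the installer versus a dropped EXE), and collapsing them into one list hides that chain. Real Sysmon registry events (Event IDs 12 to 14) carry ProcessId, Image, EventType and TargetObject, which map directly onto the four fields parsed here.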