Overview

overview

8

Static

static

7

4ddig-for-windows.exe

windows7-x64

8

4ddig-for-windows.exe

windows10-2004-x64

7

out.exe

windows7-x64

out.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ddig-for-windows.exe

  • Size

    2.3MB

  • Sample

    231205-alrzgage69

  • MD5

    6959949d30bb64c6c0586597862fe0db

  • SHA1

    afdb5e6f6fb4d42518500d6c5eb063ba9ba23b17

  • SHA256

    7f61355d779e864d305b3e02f6aa09da634e06e82353255340dd01e2144256e3

  • SHA512

    1efeda5294e85ef04389d18875fddac17e60b19cc47e3d7e47b8f4aaee9530f303fd3c6e30cf124ca2aeaeabb65b9364bf475386ac94dd978b028582d5453fcc

  • SSDEEP

    49152:N1OOKgkBsWP5UXpv4k6rKR31IDhvLLM0hXpWEntfJFJYzexpxwGy1V9fF:N1ZNKe54k6aFIDhvLzhXpLtf/JYCJyH/

Score
8/10
discoveryevasionupx

Malware Config

Targets

    • Target

      4ddig-for-windows.exe

    • Size

      2.3MB

    • MD5

      6959949d30bb64c6c0586597862fe0db

    • SHA1

      afdb5e6f6fb4d42518500d6c5eb063ba9ba23b17

    • SHA256

      7f61355d779e864d305b3e02f6aa09da634e06e82353255340dd01e2144256e3

    • SHA512

      1efeda5294e85ef04389d18875fddac17e60b19cc47e3d7e47b8f4aaee9530f303fd3c6e30cf124ca2aeaeabb65b9364bf475386ac94dd978b028582d5453fcc

    • SSDEEP

      49152:N1OOKgkBsWP5UXpv4k6rKR31IDhvLLM0hXpWEntfJFJYzexpxwGy1V9fF:N1ZNKe54k6aFIDhvLzhXpLtf/JYCJyH/

    Score
    8/10
    discoveryevasionupx

    • Modifies Windows Firewall

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      out.upx

    • Size

      4.0MB

    • MD5

      acb3ab1fe5213dd9f2124f5689affd13

    • SHA1

      8993b7e9f1e32ccf83555e3e8644497e5682e01d

    • SHA256

      b000f431d755abae7dc5c0d8d065734bc54db0ffdcfe71d51e8fb5e812240fea

    • SHA512

      c4f6a1979809f154653bd614390067670eb1ea1a702e7223d4557d083d537a782167273fec1a0ab0d465e70b3c19b2e0c03be78b9cd647fa1bfce50d0e332a49

    • SSDEEP

      49152:6RS7vtq4tKkcNQ+/KZM0O7ENFbPsy0vUuMhLcqIaPuUM06UtEovpxwGy1V9f:6RS7vtq4RZ2KZC7UPsyLLcVg7yHl

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks