General

  • Target: 4f071935b4f40c97af5430c04763dd123bed3fcb95e7c1b1522785eba0fd8d94
  • Size: 15.1MB
  • Sample: 231207-pnawasaf33
  • MD5: 8fbc7abf152534ed4f67bd79c9e1bd91
  • SHA1: ee0bab13a3340d4a7de054cce084861745bd4fa7
  • SHA256: 4f071935b4f40c97af5430c04763dd123bed3fcb95e7c1b1522785eba0fd8d94
  • SHA512: 131a308196766b3e77550444c73744844762e278573e8266155c9fa5226130afc7db454dbc73ceee6261340d169696ef3e68ea9f720f7893cff7ef5449e3ed74
  • SSDEEP: 393216:SC5bXGDyZGUGaoJTeeLuSNPYzCskmsOKzI7hm2h/:Zb9ZGUGaoJ1JYfnKkdm2B

Score
10/10

Malware Config

Targets

  • Target: Psiphon 3.180.exe
    Size: 15.2MB
    MD5: c100e968a91a576724033467b2163e38
    SHA1: de37803bfd9f016af512208ae06296a55d389b74
    SHA256: 6fa6c7ad84d8cf15ad5a1f50685857ddbe4c7a4b055ff4433803487016553fc1
    SHA512: d5a09600a0a4152c16b18f0dd9770d34364cd3d91d9e27cac16c88d7ed9800618245926dac930f1f6f363e6378a360950813ff0759837ceab509505c69e76e5f
    SSDEEP: 393216:rIB8BjPaVYRdSIxwo9nyf6QWMmsqVEtrMKr6:y8sVYR3Jy7HqqlMKG
    Score: 7/10
    Signatures:
      • Executes dropped EXE
      • Loads dropped DLL

  • Target: _Silent Install.cmd
    Size: 1KB
    MD5: 49250755d31d59d1506c4bc9dc3076ae
    SHA1: 4bd58bb36e82c5f84483a608d18342bf7663ad84
    SHA256: fe2e6af340c845688abd9c1a19fdcfcc7e8817a3535f6139cc119eaa94dc55e0
    SHA512: cc2e6be6d4c726f1bdacc034f81a8403468f3d9a1c40fdb5b3dee6897a6b402c98e1ef7534b7f45462a96f0d81a291d89543e12c1ac7381be05e7fa0a66e0ee5
    Score: 10/10
    Signatures:
      • Modifies firewall policy service
      • Executes dropped EXE
      • Loads dropped DLL
      • UPX packed file: detects executables packed with UPX or a modified UPX open-source packer.
      • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.

  • Target: _Unpack Portable.cmd
    Size: 1KB
    MD5: 03a0cc3243319d45abe3fb7994d2f9a8
    SHA1: cb006d74666c921a05daa6f278626831d0ee44b9
    SHA256: a6e3fa0747ac7babc9bb1d6bf51aef9d33c02621083f8747bc2a3b5eac53c823
    SHA512: 44e7bb06f729fb6959e0d67b16d5aa1eeca7372c6f5656aadac0e63c5aa5ed9da9b8f08eb63803c10d1e5b8d61a983c604d13b7a65c5013a968fe0cd485eb349
    Score: 7/10
    Signatures:
      • Executes dropped EXE
      • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                          Count  ID
  Persistence            Create or Modify System Process    1      T1543
  Persistence              Windows Service                  1      T1543.003
  Privilege Escalation   Create or Modify System Process    1      T1543
  Privilege Escalation     Windows Service                  1      T1543.003
  Defense Evasion        Modify Registry                    1      T1112
  Discovery              Query Registry                     1      T1012
  Discovery              System Information Discovery       1      T1082

Tasks