4f071935b4f40c97af5430c04763dd123bed3fcb95e7c1b1522785eba0fd8d94 | Triage

Sharing

General

Target

4f071935b4f40c97af5430c04763dd123bed3fcb95e7c1b1522785eba0fd8d94
Size

15.1MB
Sample

231207-pnawasaf33
MD5

8fbc7abf152534ed4f67bd79c9e1bd91
SHA1

ee0bab13a3340d4a7de054cce084861745bd4fa7
SHA256

4f071935b4f40c97af5430c04763dd123bed3fcb95e7c1b1522785eba0fd8d94
SHA512

131a308196766b3e77550444c73744844762e278573e8266155c9fa5226130afc7db454dbc73ceee6261340d169696ef3e68ea9f720f7893cff7ef5449e3ed74
SSDEEP

393216:SC5bXGDyZGUGaoJTeeLuSNPYzCskmsOKzI7hm2h/:Zb9ZGUGaoJ1JYfnKkdm2B

Score

10^/10

discovery evasion upx

Malware Config

Targets

- Target
  
  Psiphon 3.180.exe
- Size
  
  15.2MB
- MD5
  
  c100e968a91a576724033467b2163e38
- SHA1
  
  de37803bfd9f016af512208ae06296a55d389b74
- SHA256
  
  6fa6c7ad84d8cf15ad5a1f50685857ddbe4c7a4b055ff4433803487016553fc1
- SHA512
  
  d5a09600a0a4152c16b18f0dd9770d34364cd3d91d9e27cac16c88d7ed9800618245926dac930f1f6f363e6378a360950813ff0759837ceab509505c69e76e5f
- SSDEEP
  
  393216:rIB8BjPaVYRdSIxwo9nyf6QWMmsqVEtrMKr6:y8sVYR3Jy7HqqlMKG
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  _Silent Install.cmd
- Size
  
  1KB
- MD5
  
  49250755d31d59d1506c4bc9dc3076ae
- SHA1
  
  4bd58bb36e82c5f84483a608d18342bf7663ad84
- SHA256
  
  fe2e6af340c845688abd9c1a19fdcfcc7e8817a3535f6139cc119eaa94dc55e0
- SHA512
  
  cc2e6be6d4c726f1bdacc034f81a8403468f3d9a1c40fdb5b3dee6897a6b402c98e1ef7534b7f45462a96f0d81a291d89543e12c1ac7381be05e7fa0a66e0ee5
Score

10^/10

discovery evasion upx
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  _Unpack Portable.cmd
- Size
  
  1KB
- MD5
  
  03a0cc3243319d45abe3fb7994d2f9a8
- SHA1
  
  cb006d74666c921a05daa6f278626831d0ee44b9
- SHA256
  
  a6e3fa0747ac7babc9bb1d6bf51aef9d33c02621083f8747bc2a3b5eac53c823
- SHA512
  
  44e7bb06f729fb6959e0d67b16d5aa1eeca7372c6f5656aadac0e63c5aa5ed9da9b8f08eb63803c10d1e5b8d61a983c604d13b7a65c5013a968fe0cd485eb349
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

discoveryevasionupx

behavioral4

discoveryevasion

behavioral5

behavioral6