bd0494cea42d36438bf98d0af0d116ae0e28bfe5c781872d542af363ee952c4a | Triage

Submit
Reports

Overview

overview

Static

static

7

03cb907f4b...2b.exe

windows7-x64

03cb907f4b...2b.exe

windows10-2004-x64

Sharing

General

Target

03cb907f4beab39e215d3d1f1d5d0f2b
Size

504KB
Sample

231229-zrwmaacch7
MD5

03cb907f4beab39e215d3d1f1d5d0f2b
SHA1

952cc0d296bcddd8c90cd309edb22c590c6952c8
SHA256

bd0494cea42d36438bf98d0af0d116ae0e28bfe5c781872d542af363ee952c4a
SHA512

3ed8a00aeb389d2c212f2d6fb0f4c2601f13efead92d3c5bc8a041b3a6ea4245987dc7fab08147bedfc321b3eb7983aa72b3da9d29c73fba216b1137516456aa
SSDEEP

12288:sdY8xEbj5Rl4Ze54jTpBgkd7i1vbo02Yl0PFOp:u1Ebj5Rf8pBgb00FlkO

Score

10^/10

evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

03cb907f4beab39e215d3d1f1d5d0f2b.exe

Resource

win7-20231215-en

evasion persistence trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

03cb907f4beab39e215d3d1f1d5d0f2b.exe

Resource

win10v2004-20231215-en

persistence upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  03cb907f4beab39e215d3d1f1d5d0f2b
- Size
  
  504KB
- MD5
  
  03cb907f4beab39e215d3d1f1d5d0f2b
- SHA1
  
  952cc0d296bcddd8c90cd309edb22c590c6952c8
- SHA256
  
  bd0494cea42d36438bf98d0af0d116ae0e28bfe5c781872d542af363ee952c4a
- SHA512
  
  3ed8a00aeb389d2c212f2d6fb0f4c2601f13efead92d3c5bc8a041b3a6ea4245987dc7fab08147bedfc321b3eb7983aa72b3da9d29c73fba216b1137516456aa
- SSDEEP
  
  12288:sdY8xEbj5Rl4Ze54jTpBgkd7i1vbo02Yl0PFOp:u1Ebj5Rf8pBgb00FlkO
Score

10^/10

evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

© 2018-2024

Terms | Privacy