5a4feb8dc6f6ba1214017e9a783e523d0661891bc78d41883e53afb4b8b411cc | Triage

Submit
Reports

Overview

overview

Static

static

3

3ca6c2f6b9...fc.exe

windows7-x64

3ca6c2f6b9...fc.exe

windows10-2004-x64

1

Sharing

General

Target

3ca6c2f6b910351c3210ac51bef6aafc
Size

372KB
Sample

240101-mwdwtahccp
MD5

3ca6c2f6b910351c3210ac51bef6aafc
SHA1

b55ae6418794a72d0bca1d479cd829023b0c703e
SHA256

5a4feb8dc6f6ba1214017e9a783e523d0661891bc78d41883e53afb4b8b411cc
SHA512

6d545363c940b30d9fe75bb9fa47b72347a76c77b611cee1a8f9db61f092d79d20ab0718ac1c6d33d7b2b778703f537bc7d14ad51dff11ae5e568fdc339744a0
SSDEEP

6144:mlmTMkJtrRTkY9fswtppH8CQUvW4yT93o0jSuxVlQTyy2oL26ET:my/G0swtbH8evW5T93zjSuxVWTyvoL2H

Score

10^/10

evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3ca6c2f6b910351c3210ac51bef6aafc.exe

Resource

win7-20231129-en

evasion persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

3ca6c2f6b910351c3210ac51bef6aafc.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  3ca6c2f6b910351c3210ac51bef6aafc
- Size
  
  372KB
- MD5
  
  3ca6c2f6b910351c3210ac51bef6aafc
- SHA1
  
  b55ae6418794a72d0bca1d479cd829023b0c703e
- SHA256
  
  5a4feb8dc6f6ba1214017e9a783e523d0661891bc78d41883e53afb4b8b411cc
- SHA512
  
  6d545363c940b30d9fe75bb9fa47b72347a76c77b611cee1a8f9db61f092d79d20ab0718ac1c6d33d7b2b778703f537bc7d14ad51dff11ae5e568fdc339744a0
- SSDEEP
  
  6144:mlmTMkJtrRTkY9fswtppH8CQUvW4yT93o0jSuxVlQTyy2oL26ET:my/G0swtbH8evW5T93zjSuxVWTyvoL2H
Score

10^/10

evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

© 2018-2024

Terms | Privacy