Overview

overview

10

Static

static

3

40a96c42e5...0c.exe

windows7-x64

10

40a96c42e5...0c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    40a96c42e50077f03f9873a696427b0c

  • Size

    316KB

  • Sample

    240104-mwg88sged8

  • MD5

    40a96c42e50077f03f9873a696427b0c

  • SHA1

    5932ee55845edbeb10c7bc612b88eb2f1c7316cd

  • SHA256

    37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb

  • SHA512

    45883c375d9384a99065db8e33778647e31ca7c16baee5f46ef859baf21954b72b7e100ef96adaf3e581cff8a60ee0d91ebe98b364ef9ad7eb3bf0d6efc64b84

  • SSDEEP

    6144:vvm10YVZB6KrpwL3nigP+JjwR99SMI27DKEJxDdMSvN:GWYVZE4pYNmZ69SMI8Jxhv

Score
10/10
evasionpersistencetrojanupx

Malware Config

Targets

    • Target

      40a96c42e50077f03f9873a696427b0c

    • Size

      316KB

    • MD5

      40a96c42e50077f03f9873a696427b0c

    • SHA1

      5932ee55845edbeb10c7bc612b88eb2f1c7316cd

    • SHA256

      37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb

    • SHA512

      45883c375d9384a99065db8e33778647e31ca7c16baee5f46ef859baf21954b72b7e100ef96adaf3e581cff8a60ee0d91ebe98b364ef9ad7eb3bf0d6efc64b84

    • SSDEEP

      6144:vvm10YVZB6KrpwL3nigP+JjwR99SMI27DKEJxDdMSvN:GWYVZE4pYNmZ69SMI8Jxhv

    Score
    10/10
    evasionpersistencetrojanupx

    • Modifies WinLogon for persistence

      persistence

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Modifies Installed Components in the registry

      persistence

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Modifies WinLogon

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

4
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

2
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

4
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

2
T1547.004

Defense Evasion

Modify Registry

5
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks