86d42b100cad30fc6dda40b9e76f7085df4be611de9ca82a4c86f35602e94680 | Triage

Sharing

General

Target

41c3f1d901d0e6d06a6ba106be873bfa
Size

219KB
Sample

240104-ymhn7ahhbl
MD5

41c3f1d901d0e6d06a6ba106be873bfa
SHA1

992d5b45650f4e981a3a58f93c38d99ab0285b26
SHA256

86d42b100cad30fc6dda40b9e76f7085df4be611de9ca82a4c86f35602e94680
SHA512

61ad5bdaa91345b145267f3f70aea7a67230846c0c69a86342f94e27ed8b6937a33cb3496fb67788787b1a4f935c12eec1a5178a526c6f56000cacc891cfd121
SSDEEP

6144:IMz/OdoHx79p98oF9rCan2ACcadWYQ0qv5xrLQb1h:P/cop9vF9GYCYYQ065xPQb7

Score

8^/10

evasion persistence upx

Malware Config

Targets

- Target
  
  41c3f1d901d0e6d06a6ba106be873bfa
- Size
  
  219KB
- MD5
  
  41c3f1d901d0e6d06a6ba106be873bfa
- SHA1
  
  992d5b45650f4e981a3a58f93c38d99ab0285b26
- SHA256
  
  86d42b100cad30fc6dda40b9e76f7085df4be611de9ca82a4c86f35602e94680
- SHA512
  
  61ad5bdaa91345b145267f3f70aea7a67230846c0c69a86342f94e27ed8b6937a33cb3496fb67788787b1a4f935c12eec1a5178a526c6f56000cacc891cfd121
- SSDEEP
  
  6144:IMz/OdoHx79p98oF9rCan2ACcadWYQ0qv5xrLQb1h:P/cop9vF9GYCYYQ065xPQb7
Score

8^/10

evasion persistence upx
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2