General

  • Target: 5b758c4e7aa3179f95182375faf4d29e
  • Size: 912KB
  • Sample: 240114-rnqb4abeer
  • MD5: 5b758c4e7aa3179f95182375faf4d29e
  • SHA1: 777cfbbf3c4bc927b1aea1acae290cf7a0ed1c47
  • SHA256: 324b3f8e601fdf7aef0aabfc3f06f7bd7f5457aa882b52bbbbc5d477ae3a7aa8
  • SHA512: ac04704616b1e86d1e00e523d8fb1c49184a71f698c3e9aa52aec3b2545961005d4e5d231b82d7bbc2d3b68da8430288d24a74b9394d688009823ec8ca38f535
  • SSDEEP: 6144:GWZfec9EbXDk6RkQKm/UOPSe570Szp3b/UOPSe570Szp37E2EJuHOb/UOPSe570N:3ZWtI6RkfOB0vOB07wOgOB0vOB07aBB8

Score: 10/10

Targets

    • Modifies visibility of file extensions in Explorer

    • Blocks application from running via registry modification

      Adds application to list of disallowed applications.

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
