0bb7b95f9be12bf7f0d7881d007e00bcf404888d30f063f4fab1b5d7acdf0a48 | Triage

Submit
Reports

Overview

overview

Static

static

7

6dba6ad753...07.exe

windows7-x64

6dba6ad753...07.exe

windows10-2004-x64

Sharing

General

Target

6dba6ad753db34abcac6d544a7e43507
Size

508KB
Sample

240121-w6yteagec6
MD5

6dba6ad753db34abcac6d544a7e43507
SHA1

d556f9c0726b1f7dd3b129b715a0ed7303472d44
SHA256

0bb7b95f9be12bf7f0d7881d007e00bcf404888d30f063f4fab1b5d7acdf0a48
SHA512

903851dff3dced887ba686634b9d1528389f98cfe65045924d6e7180707832e0febcfc4525a1b071c012eb6999ced82ed4259e64fa1278422ac31e006cd8a813
SSDEEP

12288:4+x8j4HRNXhMnh2bV4TQboyOx23vPfm8kCH/zdh:4r0KnchzkydfbDdh

Score

10^/10

evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6dba6ad753db34abcac6d544a7e43507.exe

Resource

win7-20231215-en

evasion persistence trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

6dba6ad753db34abcac6d544a7e43507.exe

Resource

win10v2004-20231215-en

persistence upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  6dba6ad753db34abcac6d544a7e43507
- Size
  
  508KB
- MD5
  
  6dba6ad753db34abcac6d544a7e43507
- SHA1
  
  d556f9c0726b1f7dd3b129b715a0ed7303472d44
- SHA256
  
  0bb7b95f9be12bf7f0d7881d007e00bcf404888d30f063f4fab1b5d7acdf0a48
- SHA512
  
  903851dff3dced887ba686634b9d1528389f98cfe65045924d6e7180707832e0febcfc4525a1b071c012eb6999ced82ed4259e64fa1278422ac31e006cd8a813
- SSDEEP
  
  12288:4+x8j4HRNXhMnh2bV4TQboyOx23vPfm8kCH/zdh:4r0KnchzkydfbDdh
Score

10^/10

evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

© 2018-2024

Terms | Privacy