Overview

overview

10

Static

static

7

7bea8b8826...1a.exe

windows7-x64

10

7bea8b8826...1a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7bea8b8826a210e63595f90dd2f02b1a

  • Size

    139KB

  • Sample

    240128-c1fk4ahdg7

  • MD5

    7bea8b8826a210e63595f90dd2f02b1a

  • SHA1

    7282afb77e54b750cdf4028f2bc3d9919cd4907a

  • SHA256

    e089bff514be911e3abcd9c45d35193e91d12b521381a48d6408b2f8359a7d14

  • SHA512

    0e24e1f918fc80b10b1cf7a84b0c0d23c6228c08a1122aa15ec59175f4ac8422cfef5fd2b7153e9df34f89b9f5777936fa5e3bd6745efabe1cd35d5156ddc0ef

  • SSDEEP

    3072:bxWqPmyFTG1UH55L+37rrgiYP/oX7DotGL2DjxWn:bxWizFTGyH6X8e7z2fxW

Score
10/10
persistenceupx

Malware Config

Targets

    • Target

      7bea8b8826a210e63595f90dd2f02b1a

    • Size

      139KB

    • MD5

      7bea8b8826a210e63595f90dd2f02b1a

    • SHA1

      7282afb77e54b750cdf4028f2bc3d9919cd4907a

    • SHA256

      e089bff514be911e3abcd9c45d35193e91d12b521381a48d6408b2f8359a7d14

    • SHA512

      0e24e1f918fc80b10b1cf7a84b0c0d23c6228c08a1122aa15ec59175f4ac8422cfef5fd2b7153e9df34f89b9f5777936fa5e3bd6745efabe1cd35d5156ddc0ef

    • SSDEEP

      3072:bxWqPmyFTG1UH55L+37rrgiYP/oX7DotGL2DjxWn:bxWizFTGyH6X8e7z2fxW

    Score
    10/10
    persistenceupx

    • Modifies WinLogon for persistence

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks