5dcf383f864241b061dc3817a08b833657e01fab9f95e6168ebc093bbf032e30 | Triage

Submit
Reports

Overview

overview

Static

static

7

7bda31d949...3c.exe

windows7-x64

7bda31d949...3c.exe

windows10-2004-x64

Sharing

General

Target

7bda31d949bdc601d8eed73b96a8d63c
Size

342KB
Sample

240128-cc88haagcm
MD5

7bda31d949bdc601d8eed73b96a8d63c
SHA1

834d36b4cd84ae8b8890076001bcc03b738cb7b4
SHA256

5dcf383f864241b061dc3817a08b833657e01fab9f95e6168ebc093bbf032e30
SHA512

ae9c5718b8bf6be6ac4c5df5f03ec47d532f5bba42a115983a2ce240cb48a7898b82bb1e4821c8b2e474f904d75f2293ad5eefc03dd2f780ae222e09752da675
SSDEEP

6144:JdLyECo18b6fobHWTXeIBr3beX5htpHMa95xYDCsUQlKu:JdbI6IHSOYKXXtGa9DAzUQl

Score

10^/10

evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

7bda31d949bdc601d8eed73b96a8d63c.exe

Resource

win7-20231129-en

evasion persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

7bda31d949bdc601d8eed73b96a8d63c.exe

Resource

win10v2004-20231222-en

evasion persistence trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  7bda31d949bdc601d8eed73b96a8d63c
- Size
  
  342KB
- MD5
  
  7bda31d949bdc601d8eed73b96a8d63c
- SHA1
  
  834d36b4cd84ae8b8890076001bcc03b738cb7b4
- SHA256
  
  5dcf383f864241b061dc3817a08b833657e01fab9f95e6168ebc093bbf032e30
- SHA512
  
  ae9c5718b8bf6be6ac4c5df5f03ec47d532f5bba42a115983a2ce240cb48a7898b82bb1e4821c8b2e474f904d75f2293ad5eefc03dd2f780ae222e09752da675
- SSDEEP
  
  6144:JdLyECo18b6fobHWTXeIBr3beX5htpHMa95xYDCsUQlKu:JdbI6IHSOYKXXtGa9DAzUQl
Score

10^/10

evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2024

Terms | Privacy