Overview

overview

10

Static

static

3

VirusShare...90.exe

windows7-x64

10

VirusShare...90.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    VirusShare_0cf46f706503926a159d4599f4370b90

  • Size

    67KB

  • Sample

    240204-pen2kabbhq

  • MD5

    0cf46f706503926a159d4599f4370b90

  • SHA1

    9b3bf5c6f1ddee88390475fa6d897da0c0dabd12

  • SHA256

    5a455d8a23c3dcb18343da07eb88b64706959f9cabdf36e9891966b72c779e74

  • SHA512

    5fa6127863caf6f4405ee10208034d5ce6725bf3476789d534cc416b353f7e2e3b17826874eca0b73f43faf93c1d6d01154c25c69aafcf8562800a74a44ca54c

  • SSDEEP

    1536:6KvDZokMaLnG/pKmI5OklnR80Sis59311j5G:6KFokxnGdkjGiu9F1

Score
10/10
persistenceupx

Malware Config

Targets

    • Target

      VirusShare_0cf46f706503926a159d4599f4370b90

    • Size

      67KB

    • MD5

      0cf46f706503926a159d4599f4370b90

    • SHA1

      9b3bf5c6f1ddee88390475fa6d897da0c0dabd12

    • SHA256

      5a455d8a23c3dcb18343da07eb88b64706959f9cabdf36e9891966b72c779e74

    • SHA512

      5fa6127863caf6f4405ee10208034d5ce6725bf3476789d534cc416b353f7e2e3b17826874eca0b73f43faf93c1d6d01154c25c69aafcf8562800a74a44ca54c

    • SSDEEP

      1536:6KvDZokMaLnG/pKmI5OklnR80Sis59311j5G:6KFokxnGdkjGiu9F1

    Score
    10/10
    persistenceupx

    • Modifies WinLogon for persistence

      persistence

    • UPX dump on OEP (original entry point)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks