General
-
Target
921914ae92f6e650289db252605304a1
-
Size
175KB
-
Sample
240205-qmfwlaagbj
-
MD5
921914ae92f6e650289db252605304a1
-
SHA1
2647cff0667d67edabfc09b571ead81b6b4ba8cb
-
SHA256
910b4a7d3bb7ac77ec69e29416dad12c24a27073699374cb7081ff1238a9db86
-
SHA512
88e81eb3590375d3df9315e8ff0c7fbd0dd0af78d02be28fab819b420c6e8a42b246839e67b52b751e5e329b38919f27f093ca1025c19cdc37d0e13397a4dd7c
-
SSDEEP
3072:J7RANI6jG6vOv99CpduMjrZcMRzdYPtuPiG+o1Km/snT/EBDouthe:JhsG486wu+oAaWT/EBDoSo
Malware Config
Targets
-
-
Target
921914ae92f6e650289db252605304a1
-
Size
175KB
-
MD5
921914ae92f6e650289db252605304a1
-
SHA1
2647cff0667d67edabfc09b571ead81b6b4ba8cb
-
SHA256
910b4a7d3bb7ac77ec69e29416dad12c24a27073699374cb7081ff1238a9db86
-
SHA512
88e81eb3590375d3df9315e8ff0c7fbd0dd0af78d02be28fab819b420c6e8a42b246839e67b52b751e5e329b38919f27f093ca1025c19cdc37d0e13397a4dd7c
-
SSDEEP
3072:J7RANI6jG6vOv99CpduMjrZcMRzdYPtuPiG+o1Km/snT/EBDouthe:JhsG486wu+oAaWT/EBDoSo
Score8/10-
Modifies Windows Firewall
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1