54bb19d9608d11a4849f932e0a4fd54055cdbeffe6d99625597657d14d0cbc29 | Triage

Sharing

General

Target

978d2dd05b64c061e376c1bb02e8fc26
Size

693KB
Sample

240212-zfzvkade28
MD5

978d2dd05b64c061e376c1bb02e8fc26
SHA1

e8d34055445b5c60e87bf1f16c5d92c75d5df6d8
SHA256

54bb19d9608d11a4849f932e0a4fd54055cdbeffe6d99625597657d14d0cbc29
SHA512

e6e45e18580636d0138494e0996d3d15e4f09bf5f39aa0ddf8575025bb1e817346b27048d5cc725d79dc0d128259b9da4d893cfcf5395e0352e718b9498cce92
SSDEEP

12288:ouKlGQneEkjXbZR0d8XRmTdm1h14PTpPh8YkeiS+oBJE6WmjTxGENx9/ezxP:HKlGJLUhJmlUpvkei6B6Mx9kxP

Score

7^/10

discovery persistence upx

Malware Config

Targets

- Target
  
  b
- Size
  
  8KB
- MD5
  
  2e80c7d9f8057842102a560ce34ebe0a
- SHA1
  
  235742dacf80ab1c0a66e5cd357193c1be229f2d
- SHA256
  
  986a3b4731399c7f4a83e3a5bff327a31f91d4fdc25ccd5f1c92dfcc5226e141
- SHA512
  
  dd9b64ba3ab487e6d959eb22f92048b775e4233b3b738f32467cb174084af83a0b6c87befbc4da11fcafe7a4fdfc92cf5298f8e7e5ff033a7151fe094ae61702
- SSDEEP
  
  192:bMAEA3rDYLy7YtRSUPeUveEvBRuQCVk+pxDVWOoyb/Q2wUWAclDW:bphy2S2xcOXb/QzUWAclDW
Score

1^/10
behavioral1 behavioral2
- Target
  
  d
- Size
  
  12KB
- MD5
  
  f7ea595c55f5ffa763c08009d7faa9f6
- SHA1
  
  09657539e61f6797c43635a5a4f23e5b5dab84bf
- SHA256
  
  b5116b10b82d52bdd2444e880d5fc0f9f925388fd6b2996b16fd2012c2b5be8e
- SHA512
  
  34e02ace55e3cb171145424fc335e56053186fd9dd30b3204c89228f5ad13a3821304967440195db6c514c9ddc6bf55f7b0c91b381536c79bce210018a7e96ef
- SSDEEP
  
  384:GMWdI3KBcb+3sEZZHBncyB1z6Q+tivsPciWdI3KBcb+Kk3h8zWlwXqMI:GMWdI3KBcb+3sEZZHBncM1z6Q+MvsPcT
Score

1^/10
behavioral3 behavioral4
- Target
  
  d.dll
- Size
  
  33KB
- MD5
  
  638a6f2b03c828e9b3c77c104c56f4ea
- SHA1
  
  ec1d56a6530a3004aa49d748a9c8385801cf0029
- SHA256
  
  8e2db43518297a45d664dcaaf6ee29a93e8cb9ea28e5fff96324628f74871fda
- SHA512
  
  b8c943cc17ab646546ba7f6ccd9246f6e3bde665a450932d40ab418fd36421cbf00385e8e1074e4e2477a6abb2e343f4cd1bd312bd6200601a8cddf572579609
- SSDEEP
  
  384:rydxlutNDYbeTOf0sZfkEuHn8j/eGJldIUwWg3a4TjNADTmLJZORk112zifNtizt:eDmca+G8vwWg3aeWXaJn/FSt
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  g
- Size
  
  36KB
- MD5
  
  7b05eeb032dad81411bffd16cf90a3bb
- SHA1
  
  072d931f18b34e59e6992404f92da8bb6ab3575b
- SHA256
  
  c4e289e68d76a39c9997580cb249f6b8bf2f40da9955b9f149f0058063bef47e
- SHA512
  
  4e341ec2804ff6490b814ba7f1e284286c14e65663511f242eba863a9de136bb39a7c0e060cbe1758d81ffb28bf7c08f23ffa90a9100a41950e982f06818b38d
- SSDEEP
  
  768:1sU00y24kcnzl+mn9mqCZmYh79f5WIlEq1IEbzSetVaV3YQuCxVzaLFGBg9+Z6Gl:6ey24FR3E8yCEbzSz+sTSxHgBbSxHgBL
Score

1^/10
behavioral7 behavioral8
- Target
  
  ka6ber.exe
- Size
  
  561KB
- MD5
  
  b3027dffa9bbac7e1999223cf737200b
- SHA1
  
  04f7be390d135405b5d1925b205c0c871301b522
- SHA256
  
  79f6b4271df1773fff40117e4d3b5dcee71e2ec149d749541d0160e2873b88eb
- SHA512
  
  4bbc090301c821f3fa8f008d4e1262a80b00b0f36fdb365bb76b78f4d679789cc4b30dcb8b4008730492312d5d93eb55de44cbae5bcb2368c63f2373613c6109
- SSDEEP
  
  12288:GP7CFdIekSytTtTcZ5Oz6Y147em6cZLxd9f0OimJfL:u7CIiCtTcPV7lL1jxlL
Score

7^/10

discovery persistence upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral10 behavioral9
- Target
  
  msn.dll
- Size
  
  18KB
- MD5
  
  f1f6421f7bb0066bd07cd3815f909dec
- SHA1
  
  e50d31a4997917b45d8cbf853e8e38790147315a
- SHA256
  
  eed72e4c94aa36067739c060496908f8a7c61919085b0e84bc0f2446d309cd6b
- SHA512
  
  b100f5bff9dc185cad9fc2946b30f51a78c4622592421651e03c32260556103c9f876217391b878524f547335f53d167c6434f219ec2b8bdc313129c9f9fad15
- SSDEEP
  
  384:A8c+3LB74HE3sxQwNjdNH3+ocTE9mWAFWUyrGu:AM4HE3sWwZH3+/E9H
Score

1^/10
behavioral11 behavioral12
- Target
  
  norton.exe
- Size
  
  17KB
- MD5
  
  66f13513a4e7f45ea7c296b628803bac
- SHA1
  
  216011df77440759ee08c79e393fef154ca38760
- SHA256
  
  075b2cab621c656906f5b47759174e1c25e13e31d2901595b1b3a3cd0702b4fb
- SHA512
  
  a0c173aa662dac7cfe30ecf26daefc03cfb56072b682249aa40074b70d3c3e5190185a9af3ec2997f6d26ef18353025d255cccc3b11121749be5981d551b8104
- SSDEEP
  
  384:AyrDnQ8QuBg2gNywewwmD6CEsLxY8riKm6PlkceLqH+5yltUGp3:FxQuBggAwmD6CEsLxNrnJkk+0ltUS3
Score

1^/10
behavioral13 behavioral14
- Target
  
  of.exe
- Size
  
  17KB
- MD5
  
  403db7f54bc6f10c6bbe50a3319d57f0
- SHA1
  
  cb871a277173c48696cf54c125e941049eaf600a
- SHA256
  
  552419e0336c5bdbde605dfe16d01f8f3a8902a69ca80d4ff0c9729d84dd046b
- SHA512
  
  86a2781a3c963d6ece677aaff686c9e4d0fa62b4080b9f86cfaf6a81f0b3280e93e49b3b2fd3d92f44862911c9c2f885b944660d35c59082f5b015c723bd4331
- SSDEEP
  
  384:EF+L8Ou9nyyERvT3KSNOP5udBSFpeVwHGrwWzRR+UpuEUK8i:o2u9nyyojKSm5GsXeVCGrwiRRh8
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral15 behavioral16
- Target
  
  ps2m.exe
- Size
  
  31KB
- MD5
  
  07eea3ffad9e129dfb5f2f114056c708
- SHA1
  
  add1c3999d90b7daa21e327c37bc9e12c3f0dbb9
- SHA256
  
  e5af59995f32bb058f2bfd5137cb3aca02849eae7c63e561f43bd5f5f5586381
- SHA512
  
  3af300a5ffb23557157909580dbf989e356d3b60a4b06e605f99a2ee0bac3d4ff04c9824d56712c36a5ed6a2501610566877ce90b906ff09f32a139d6403bafa
- SSDEEP
  
  768:au0W+0oacWJSbQIchmzXN7c1S8N3GO/0H6TbzkXw:au9ZSkNgXNse6T3kXw
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  scans
- Size
  
  7KB
- MD5
  
  acb2c9ec24f67197d18003755e3ebb07
- SHA1
  
  e781fc571186ca2b8c656b8b8db27da813b0a0ed
- SHA256
  
  71563defd2d0651b91a3e65f93880056363b5ad991c143d983dafa807621d49a
- SHA512
  
  e524d05256cf27a8174ba4f4a7ded4c7a10376184b1235901f43c1e5e49845a887bc5adb916b096201223ca2dd5a58bf77b335c41a82bc2eeebd107726452a87
- SSDEEP
  
  192:ODrJlfcql0BnkkuT484qYXECwR9tfmLyy39MdeTp:ml0BnkkuT484qPCsy39sU
Score

1^/10
behavioral19 behavioral20
- Target
  
  securaq.exe
- Size
  
  19KB
- MD5
  
  8570e9b52e6f54370f2c61fa65116544
- SHA1
  
  ed2908171197a891b8350654258b39d1eb5c6535
- SHA256
  
  79f362e80c42ab1bd1f1040c87661f0d2d9f99c1b7b98f15f234e8123330a645
- SHA512
  
  6c7a85c19bf7662d3834e95eab1ca5313ad778c8392e3acdae1b7ecb80a63fcba6a84a1396160b1534bc1e44d80397fc114a75f5e3d949a313f168fcaf9c5b0a
- SSDEEP
  
  384:zSAWJ37B1tF0o6ujMp+0llAq5NlivtS3ZGfW3NBAxqh2n:zSAWZnL0DbfllAqdivtSF/Uqh2n
Score

1^/10
behavioral21 behavioral22
- Target
  
  test
- Size
  
  21KB
- MD5
  
  947f0dd14d68dc884228f93ab64ce3d9
- SHA1
  
  c4a2a4c09cbeb19fd25e242df4f203faf220d81b
- SHA256
  
  a9ed45ce38189f58f2bc24430edfe3f2ea4221020202ca7fd87130e06d3d0f7f
- SHA512
  
  e5b66a5ffa303c691b2e47f19be1aef8a95202bbb06894d962bb26bbbf1f4570da0ee53b8a4d9dc760f4a27d8f591908c6d9d7afdfc49377bd9fc853a37b548e
- SSDEEP
  
  384:6YzJO6Q20Hp0HGBpxlbfh6NcfOF9ktrKQZYEmEaqEXj9:8XSm7rLJe
Score

1^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

discoverypersistenceupx

behavioral10

discoverypersistenceupx

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24