General

  • Target

    VirusShare_0a033a22d4d17c5d9fa790cc242e3226.exe

  • Size

    220KB

  • Sample

    240302-rxddwsec3t

  • MD5

    0a033a22d4d17c5d9fa790cc242e3226

  • SHA1

    0abc116c568378dc4336702ed95bbe0e62667c50

  • SHA256

    74d299f7239d115b56e78a4e295596a80a3fc6072cec394e9491b3abe28305c0

  • SHA512

    c55c6987f6e6b116c12d873aaa9ae1abcaf6731c6ff7d964dfa98bb5ca0babacd90bb00520366e767ab462fd0f46d8ae219089e55f3688bb0b3e7c185dee422a

  • SSDEEP

    6144:MYOQQu253m/C/cvTg78caLGXPSRKZg/u:bOk253cCkvT8ayP

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks