Overview

overview

10

Static

static

3

b7433dc4de...aa.exe

windows7-x64

10

b7433dc4de...aa.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b7433dc4de9676276bba102f171358aa

  • Size

    403KB

  • Sample

    240306-ndsgxsaf92

  • MD5

    b7433dc4de9676276bba102f171358aa

  • SHA1

    9c9f39850fe3a414651bab6c81b04b4d6d1523f0

  • SHA256

    2a0295f5bab05005fd6e3bf733fcb5e5f153674ad01b8aaf2179e05d8580f3c7

  • SHA512

    64a8e82899891fc809bf68c0c0a6f6d45e8b0dcba2445b77da2b2bc40895b48431aa8572096589450d48a2272200c4b17c0bc9539f5feaa46503cbfd3482b218

  • SSDEEP

    6144:tBZn9oaRZ0RDG1NQv0Q/ldddHBDcuydIe/vgPux34toGwKMTMjexpnr90T:RlRZrNQv13ddH1crdrRxt4MgqrnyT

Score
10/10
persistenceupx

Malware Config

Targets

    • Target

      b7433dc4de9676276bba102f171358aa

    • Size

      403KB

    • MD5

      b7433dc4de9676276bba102f171358aa

    • SHA1

      9c9f39850fe3a414651bab6c81b04b4d6d1523f0

    • SHA256

      2a0295f5bab05005fd6e3bf733fcb5e5f153674ad01b8aaf2179e05d8580f3c7

    • SHA512

      64a8e82899891fc809bf68c0c0a6f6d45e8b0dcba2445b77da2b2bc40895b48431aa8572096589450d48a2272200c4b17c0bc9539f5feaa46503cbfd3482b218

    • SSDEEP

      6144:tBZn9oaRZ0RDG1NQv0Q/ldddHBDcuydIe/vgPux34toGwKMTMjexpnr90T:RlRZrNQv13ddH1crdrRxt4MgqrnyT

    Score
    10/10
    persistenceupx

    • Modifies WinLogon for persistence

      persistence

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks