Overview

overview

8

Static

static

1

dxcpl.exe

windows10-1703-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dxcpl.exe

  • Size

    240KB

  • Sample

    240306-spjflsca2s

  • MD5

    632c913e3c3e07b5a6c0d3f600ea0c70

  • SHA1

    873f9be8aea145f389b15297448d46f97ae017bb

  • SHA256

    a89cea7a62d62b3346f77428d1c9f35bf28aba1c1d23728019dfaf10b5d7c1fd

  • SHA512

    cd51b516b485c236325fc4b6c3ebd0fe92237a071ea19ed8dc1219892c54abe6adda54883551531dc647f864bef6467ac5d203944d8113af6192f5a381406332

  • SSDEEP

    1536:iW5zbd4hbTNQ9XftASiVHjpQXHgvLCv0B0Ui92bBH1Zbg+wgqXwJ3d6dhSD4nc2z:ktCMjPtO13M3Zww/Lh0042P0kzRk3

Score
8/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      dxcpl.exe

    • Size

      240KB

    • MD5

      632c913e3c3e07b5a6c0d3f600ea0c70

    • SHA1

      873f9be8aea145f389b15297448d46f97ae017bb

    • SHA256

      a89cea7a62d62b3346f77428d1c9f35bf28aba1c1d23728019dfaf10b5d7c1fd

    • SHA512

      cd51b516b485c236325fc4b6c3ebd0fe92237a071ea19ed8dc1219892c54abe6adda54883551531dc647f864bef6467ac5d203944d8113af6192f5a381406332

    • SSDEEP

      1536:iW5zbd4hbTNQ9XftASiVHjpQXHgvLCv0B0Ui92bBH1Zbg+wgqXwJ3d6dhSD4nc2z:ktCMjPtO13M3Zww/Lh0042P0kzRk3

    Score
    8/10
    discoveryevasionpersistencespywarestealertrojan

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Modifies RDP port number used by Windows

    • Sets file execution options in registry

      persistence

    • Sets service image path in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Registers COM server for autorun

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks