460a3e3a039c2d0bb2c76017b41403bf3e92727269f49b08778d33108278b58f | Triage

Sharing

General

Target

Birele.zip
Size

113KB
Sample

240308-nh5ytadg49
MD5

6ca327b67f1a2b2a4fbb7f342e15e7bf
SHA1

aab4a7d8199e8416ad8649fede35b846fc96f082
SHA256

460a3e3a039c2d0bb2c76017b41403bf3e92727269f49b08778d33108278b58f
SHA512

b7a7574ca52885e531aca71ebe52f7832f8a2436cda047e7686936fe0337eae7c4ebcc57df27c26316871d4167ea4e6794beb933f7c13efb0addac0d400e4d9a
SSDEEP

3072:KS3AAMRbzhdikdvWC5PWTAiloSQOE8rzl7YP++bA4k5:KgkRbPrdsAizPLy2+b0

Score

10^/10

persistence upx

Malware Config

Targets

- Target
  
  [email protected]
- Size
  
  116KB
- MD5
  
  41789c704a0eecfdd0048b4b4193e752
- SHA1
  
  fb1e8385691fa3293b7cbfb9b2656cf09f20e722
- SHA256
  
  b2dcfdf9e7b09f2aa5004668370e77982963ace820e7285b2e264a294441da23
- SHA512
  
  76391ac85fdc3be75441fcd6e19bed08b807d3946c7281c647f16a3be5388f7be307e6323fac8502430a4a6d800d52a88709592a49011ecc89de4f19102435ea
- SSDEEP
  
  3072:pYV/aVHN9ySTn34w33FVTyuGAxsvBLSqAKZqoqrxy031l3y:8adNlltyu3Pa5gr33
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  out.upx
- Size
  
  153KB
- MD5
  
  7711bcce494fc2053d74d5ae72c74973
- SHA1
  
  8cfcbd6e32f78c0ce8b98336be7d3402eaea59ae
- SHA256
  
  8480baa924171e02c61def06ae3e4192acc7c0c83eca6071ca4f735057cecd54
- SHA512
  
  4904eaf5d3849015caa690a88b6b886a0b74a6f8bc8d520940bf3ff6d3892ae83744445e3f9b00ce24a6c8ad70f4da1671fd48c20c2bb2dbe9a36c77356b9dec
- SSDEEP
  
  3072:Kd6gpEFonqvMYI5w8FEZO4kX3oJEiAwYh0qma05j0qZn:SpWYqvs+sfurYh0qmaMj5
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2