Overview

overview

10

Static

static

7

bfe7376205...1c.exe

windows7-x64

10

bfe7376205...1c.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    bfe737620506583c7cddd18a71479b1c

  • Size

    1.1MB

  • Sample

    240311-fmjblscd95

  • MD5

    bfe737620506583c7cddd18a71479b1c

  • SHA1

    81e5a20461980bc70523812aca5a05edd873f81e

  • SHA256

    376bbe715542e816e16c94c55d3af8a1f50aea55ca85afc2b417a6bb4cd9241a

  • SHA512

    e87cc5c7d26c26ce2639468fd4b847e4bf628cbe513cb8e9dd12efce5db1d196ad64741413b3796c952803ee7689f89e14399e4ea30a631c8414bf3a84ebb341

  • SSDEEP

    24576:oPUrnjZrwdQkaX+DEzDfWtL1Sofi2s1tCpYeU:o8rjeWkaODEz9of5s1tkU

Score
10/10
evasionpersistencetrojanupx

Malware Config

Targets

    • Target

      bfe737620506583c7cddd18a71479b1c

    • Size

      1.1MB

    • MD5

      bfe737620506583c7cddd18a71479b1c

    • SHA1

      81e5a20461980bc70523812aca5a05edd873f81e

    • SHA256

      376bbe715542e816e16c94c55d3af8a1f50aea55ca85afc2b417a6bb4cd9241a

    • SHA512

      e87cc5c7d26c26ce2639468fd4b847e4bf628cbe513cb8e9dd12efce5db1d196ad64741413b3796c952803ee7689f89e14399e4ea30a631c8414bf3a84ebb341

    • SSDEEP

      24576:oPUrnjZrwdQkaX+DEzDfWtL1Sofi2s1tCpYeU:o8rjeWkaODEz9of5s1tkU

    Score
    10/10
    evasionpersistencetrojanupx

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

4
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

3
T1562.001

Modify Registry

5
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks