9631acf789f74155979969f5345f3c057d1522287b1e1145f1bf6c7f0d678e69 | Triage

Submit
Reports

Overview

overview

Static

static

3

c25119e4c4...b3.exe

windows7-x64

c25119e4c4...b3.exe

windows10-2004-x64

Sharing

General

Target

c25119e4c431ccf4340539e3833d05b3
Size

368KB
Sample

240312-dr5djaeg9s
MD5

c25119e4c431ccf4340539e3833d05b3
SHA1

5b604bd15d3a864fe6c7a3262a69def5bf61ab1c
SHA256

9631acf789f74155979969f5345f3c057d1522287b1e1145f1bf6c7f0d678e69
SHA512

e77ad891144679e2e3d0eba3586143b5df45284dae6a92e5c1f3c452ebcabdef8d9b33f1c6129894dc8b61f37561a4826abfba8163d5cc564ec2fd7ec27c9d2f
SSDEEP

6144:z7OSgRuehAjP4WN52HTqjNPUF7x6y1Z1lqUylcD3PwcNWiW4QGYBjxYnnRt7xqGa:bgRuehAjP4WN52HTqjNPUF7x66yqD8f9

Score

10^/10

evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c25119e4c431ccf4340539e3833d05b3.exe

Resource

win7-20240221-en

evasion persistence trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

c25119e4c431ccf4340539e3833d05b3.exe

Resource

win10v2004-20240226-en

evasion persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  c25119e4c431ccf4340539e3833d05b3
- Size
  
  368KB
- MD5
  
  c25119e4c431ccf4340539e3833d05b3
- SHA1
  
  5b604bd15d3a864fe6c7a3262a69def5bf61ab1c
- SHA256
  
  9631acf789f74155979969f5345f3c057d1522287b1e1145f1bf6c7f0d678e69
- SHA512
  
  e77ad891144679e2e3d0eba3586143b5df45284dae6a92e5c1f3c452ebcabdef8d9b33f1c6129894dc8b61f37561a4826abfba8163d5cc564ec2fd7ec27c9d2f
- SSDEEP
  
  6144:z7OSgRuehAjP4WN52HTqjNPUF7x6y1Z1lqUylcD3PwcNWiW4QGYBjxYnnRt7xqGa:bgRuehAjP4WN52HTqjNPUF7x66yqD8f9
Score

10^/10

evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Installed Components in the registry
  persistence
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2024

Terms | Privacy