General

  • Target

    kys.rar

  • Size

    1.4MB

  • Sample

    240326-q17w8see2w

  • MD5

    fc8fccfa89094906cbd20f94794b89d4

  • SHA1

    b39f772bf2f6c79d81d8631d944320d7021c5711

  • SHA256

    98f0a95b821db0ee09af459cadefd860d332f635ea6021f148709fbbf78cc1bc

  • SHA512

    4f55d493a8488b017907b8029d04f7778f6ca9b9ed472cd96aad812809eabe75bca63916a4decc3d6d863337dcbbe72b46c927975bfce8b485a2e5874b03febf

  • SSDEEP

    24576:D+xsnXMlxw0Y6IOA1FTVeK0v3YLw+SHD+27pTEScwof3sqh3SY88nOKhR7AQtx:6GnXI/Y6IOEFTVjFw+SHa27pT7cHrSYr

Targets

    • Target

      1.exe

    • Size

      285KB

    • MD5

      e9f2c106d42f4f0927de8bfa674bef16

    • SHA1

      48f570ef7138ead6607493c9cddc874041d7b277

    • SHA256

      d03f854fb903665514fbaf7a3d3d93c9644a3c6bd2fb4b01d4a2f5d9b299533f

    • SHA512

      31725dd0841d52ef53625f592a586be9c479a1d37b615917bf6d56af223da503834291e4db44693fcdde7b390007e38b7f472c99bc31bb50eb2ba3917cec28a2

    • SSDEEP

      6144:rsJBOMz6Yjddeym2cMLzvJtb7YzDh/U8IHj7PRJz:Y36YncqvJtH0e8IHXRJ

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Target

      out.upx

    • Size

      318KB

    • MD5

      ee7fcbbaaffc573beffe99108ed6e2bd

    • SHA1

      db70016f62d03a0213901f50ffbfe07c789185b6

    • SHA256

      7bd63bc262c55f399a8c24d238435336b393ac4d019da12b93ab9ba60e601abe

    • SHA512

      bfcc023acd8c06164333f4a0c62824d1155ba3dc0d09b09392f64780e1730fb4a1cc3a9a551ce2d5151d015e49b43902cb98daadbd0f01a8a89b470e0d8a84db

    • SSDEEP

      6144:zEjSv5jpNfpALC2JE6HWA+VgBt5VYedSJ89vGyWjEq3Vu2fQzB5i:zRPnKJE6Hd+knV0V7lbYtA

    • Score

      1/10
    • Target

      2.exe

    • Size

      248KB

    • MD5

      c5e27fba0e03b770df0d05a390abe87f

    • SHA1

      f3e9ada6a4e30d773c6b3238166f4836fb08f1b9

    • SHA256

      2399c21439f97a3543fd9d123b83d26c90c4198fb0857379e68c581dec9e7754

    • SHA512

      73e7f9fc15260f33099ca5d230575ae83c2a3d52f9ecc0a74e7e882e254d406de2c8c29ea133cf2892f4536e9a147df798f1b3cf5f392f43c96c9513f1bd4245

    • SSDEEP

      3072:gW4S8eZB3aBRyewVVwVQnNwCEf+XGOfFjk/2VtB+2r+AyVMrqy/bv8Y7EJ1OpI:gW57aCBNdEf+2Of9I8TyVMr7b0Y4Op

    • Score

      8/10
    • Target

      2004_akt.scr

    • Size

      1.2MB

    • MD5

      45bdd4ce24b504fd839d6b0f6a8af8e1

    • SHA1

      ff83cd3ec37b13c691e3bde78fc06b1baf40d544

    • SHA256

      57a92c1d989bdb7e94d0801f3b2c4d8078486d593b4c24817bcc40c6e57ee17d

    • SHA512

      78cc25eed5d61a7ef7afdced8cb5a2cb696002221dead0889e3da1ec3b93ae099560e226f4ad4cc4b372e278ddcd65fa1197c3944ec6b4943b146cef11258054

    • SSDEEP

      24576:UN4kLkBlpbA4fgecWQMkvIlG/hjqPuvCQe2TNGwCOIg02hs:SnolpNoszkvyQhjqPBQe2pGwtIg026

    • Troldesh, Shade, Encoder.858

      Troldesh is ransomware spread by malspam.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

    • Target

      3.exe

    • Size

      205KB

    • MD5

      8bc7c863fc741aa28aa2361d7a319267

    • SHA1

      7550cc3b4fef6ea55df793d111f528d121689910

    • SHA256

      7dd789d126841ca1a04a17c95b0b23ff553d199a0ba24ac8dd8018bb0fde368b

    • SHA512

      88e2e759f4d2647279082f6b3b8cb5b9b29a7df3bc39cc91aefce59a995323b29901a80e3e94aa25a3ddfb5cf9b8f44947bb21067fbe127514b36e3ee9d51f52

    • SSDEEP

      6144:5RsJANwLlalnicjyaNGAnn2JZW5QoS1Z1Py97N7al:nYaVz7N5nn2JZwQV31kol

    • Score

      8/10
    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application
