cba94934ac8f7ae780c28513d650dba002f70c1a7f0839221e16c3f44a915cb4

Sharing

Copy URL Twitter E-mail

General

Target

cba94934ac8f7ae780c28513d650dba002f70c1a7f0839221e16c3f44a915cb4
Size

213KB
Sample

240327-ayqxyaah7s
MD5

6031dcfe1ac1f4adbb0f70cee6a2966c
SHA1

739b5d1a6e4aba0c600174f8cc629711964d59a2
SHA256

cba94934ac8f7ae780c28513d650dba002f70c1a7f0839221e16c3f44a915cb4
SHA512

03162739d6efaba3c30a30f9cb5eab779378f1612510cab149d69db1980198df5bedfcc51f089a8554f7c654892c2448131e88a2682ececf9e04452d8fd64d54
SSDEEP

6144:1k7U6DERPUq4//gW+T/5rBV+UdvrEFp7hKXzQQN:1MU6DERPwgWa5rBjvrEH7KzF

Score

9^/10

persistence upx

Malware Config

Targets

- Target
  
  cba94934ac8f7ae780c28513d650dba002f70c1a7f0839221e16c3f44a915cb4
- Size
  
  213KB
- MD5
  
  6031dcfe1ac1f4adbb0f70cee6a2966c
- SHA1
  
  739b5d1a6e4aba0c600174f8cc629711964d59a2
- SHA256
  
  cba94934ac8f7ae780c28513d650dba002f70c1a7f0839221e16c3f44a915cb4
- SHA512
  
  03162739d6efaba3c30a30f9cb5eab779378f1612510cab149d69db1980198df5bedfcc51f089a8554f7c654892c2448131e88a2682ececf9e04452d8fd64d54
- SSDEEP
  
  6144:1k7U6DERPUq4//gW+T/5rBV+UdvrEFp7hKXzQQN:1MU6DERPwgWa5rBjvrEH7KzF
Score

9^/10

persistence upx
- UPX dump on OEP (original entry point)
- Modifies AppInit DLL entries
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstOpt.dll
- Size
  
  25KB
- MD5
  
  6a45ec125830c244261b28fe97fb9f9d
- SHA1
  
  f30e65fa3a84c9078bf29af4b4d08ec618a8e44f
- SHA256
  
  fa8b56b52dc7130d924d0060633b5763c032408385a47ec7438d5e1d481d2fe5
- SHA512
  
  5387439a2a1f235a2ffe934570db8ab200e2688496d2be39d8f6a47dc7fb55e6e30e957b5b2f6d79799581278bd57c03dc81908afa5e9707375a14ec8a34e4e2
- SSDEEP
  
  768:+7u9W9DJBK9k+EmJHTSJH3SjNFbQBYcFS:wugDDQpOJH3SjNFbQBY
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  8cf2ac271d7679b1d68eefc1ae0c5618
- SHA1
  
  7cc1caaa747ee16dc894a600a4256f64fa65a9b8
- SHA256
  
  6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
- SHA512
  
  ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
- SSDEEP
  
  192:BenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XB9IwL:B8+Qlt70Fj/lQRY/9VjjlL
Score

3^/10
behavioral5 behavioral6
- Target
  
  $R0
- Size
  
  69KB
- MD5
  
  9d199564b65a91a531b23844649459e9
- SHA1
  
  8d84359ced1c51d14e70cb5ed36a6083c8b914cf
- SHA256
  
  8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42
- SHA512
  
  ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1
- SSDEEP
  
  768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW
Score

1^/10
behavioral7 behavioral8
- Target
  
  devcon.exe
- Size
  
  69KB
- MD5
  
  9d199564b65a91a531b23844649459e9
- SHA1
  
  8d84359ced1c51d14e70cb5ed36a6083c8b914cf
- SHA256
  
  8dc2490d1d650e3ffbf70922b81ae9800ddd29a644e4d7d29e9616e22a7d0f42
- SHA512
  
  ae522945d3ddcd7c2d99da14ba62d556928b7e6dfcb07114f13481777878a8ffa448170cebbf76da80d9ae45d0e3a509b0f2a7bd702773c1efcaca26496010d1
- SSDEEP
  
  768:Ubrbmi0iAETVvlXjkQnr65WTHBAtgYSofgevxHs4gZWk:ab70GdXoQr65WDBAtgYSoflxHeW
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

UPX dump on OEP (original entry point)

Modifies AppInit DLL entries

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Loads dropped DLL

UPX packed file

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10