General

  • Target

    VC_Redist.86x.exe

  • Size

    76.4MB

  • Sample

    240419-cmtkssdh37

  • MD5

    09053225a1959b6db8d9e9616919b30b

  • SHA1

    f616e3d14c6ace7b3f9131d569496cebdabd0110

  • SHA256

    900faaa33f20c6f018e74416f226362b3f9d0a8a869255d488c61d059560943c

  • SHA512

    2b812a02c96d5f9dd66fb42bde4a62f027ceb7db59c844a5d2393e9789068eb965e4cdc60a7d37623e94fe8ffddf7946b8301d72b65da115fe45bdf755ec1963

  • SSDEEP

    1572864:yviEZjFWWSk8IpG7V+VPhqYdfME7mjx6iYweyJulZUdgu0WVhjP311qZ9U3:yvZZAWSkB05awcfQtnpuK0cd09U

Malware Config

Targets

    • Target

      VC_Redist.86x.exe

      Size and hashes are those listed under General. The filename imitates Microsoft's Visual C++ Redistributable installer (vc_redist.x86.exe) with "x86" transposed to "86x"; the genuine package is Authenticode-signed, is not UPX-packed, and is much smaller (roughly 13 MB for the current 2015-2022 x86 build), so the name alone should not be taken as a sign of legitimacy.

    • Enumerates VirtualBox DLL files

      Checks for VirtualBox DLLs on disk, a common way to detect a VM or sandbox before behaving maliciously (T1497 / T1083).

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar tools (T1564.001).

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      The executable is packed with UPX or a modified build of that open-source packer. A modified build may rename the UPX0/UPX1 sections, so detection cannot rely on section names alone.

    • Adds Run key to start application

      Writes a value under a Registry Run key so the program is launched again at logon (T1547.001 / T1112).

    • Legitimate hosting services abused for malware hosting/C2

      Network traffic goes to a legitimate web service rather than attacker-owned infrastructure, which blends in with normal traffic (T1102).
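To reproduce the "UPX packed file" signature and the hash check on a copy of the sample, here is an added Python example (not code from the sandbox or from the report): it parses the PE section table by hand, flags the default UPX section names and the "UPX!" marker UPX leaves in the image, and compares a file's MD5/SHA256 with the values listed above. The minimal PE it builds for the offline run is constructed (headers only, no code) and exists only so the checks can be exercised without the sample.

```python
import hashlib
import struct

# Hashes as listed in the report above (copied from the report, not computed here).
REPORT_MD5 = "09053225a1959b6db8d9e9616919b30b"
REPORT_SHA256 = "900faaa33f20c6f018e74416f226362b3f9d0a8a869255d488c61d059560943c"

# Section names stock UPX writes. A modified UPX build may rename them, so the
# "UPX!" magic that the UPX loader info carries is checked as a second indicator.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}
UPX_MAGIC = b"UPX!"


def pe_section_names(data: bytes) -> list:
    """Walk MZ -> PE -> COFF -> section table and return NUL-stripped section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    names = []
    for i in range(nsec):
        off = table + i * 40          # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> dict:
    """Combine the section-name and magic-string indicators."""
    names = pe_section_names(data)
    by_name = any(n in UPX_SECTION_NAMES for n in names)
    by_magic = UPX_MAGIC in data
    return {"sections": names, "upx_section_names": by_name,
            "upx_magic": by_magic, "packed": by_name or by_magic}


def hashes_match_report(data: bytes) -> dict:
    """True per algorithm when the file's digest equals the report's value."""
    return {"md5": hashlib.md5(data).hexdigest() == REPORT_MD5,
            "sha256": hashlib.sha256(data).hexdigest() == REPORT_SHA256}


def build_fake_pe(section_names, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE32 image (headers only) used for offline testing."""
    opt = b"\x0b\x01" + b"\0" * 94    # PE32 magic 0x10b, rest of optional header zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)   # e_lfanew lives at 0x3C
    return dos + b"PE\0\0" + coff + opt + sections + trailer


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                       # python upxcheck.py <file>
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
        print(looks_upx_packed(blob), hashes_match_report(blob))
    else:                                       # no file given: run on the constructed PE
        print(looks_upx_packed(build_fake_pe([b".text", b"UPX0", b"UPX1"])))
```

Run it with the sample's path as the only argument; `upx -d` will usually unpack a stock UPX image, while a modified build that trips only the magic check typically needs manual unpacking.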

MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is the count of matched signatures the report attributes to it. T1547 and T1497 appear under two tactics because ATT&CK lists them under both.

  • Persistence

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Privilege Escalation

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)

  • Defense Evasion

    T1497 Virtualization/Sandbox Evasion (1)
    T1564 Hide Artifacts (2)
    T1564.001 Hidden Files and Directories (2)
    T1112 Modify Registry (2)

  • Discovery

    T1083 File and Directory Discovery (1)
    T1497 Virtualization/Sandbox Evasion (1)
    T1012 Query Registry (1)
    T1120 Peripheral Device Discovery (1)
    T1082 System Information Discovery (1)

  • Command and Control

    T1102 Web Service (1)
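As an added example of how a matrix like this is derived, not code from the sandbox or the report: the Python below runs simple rules over constructed API-trace lines (illustrative input, not the report's task output) and maps each hit to the signature names and technique IDs used above. The trace format, the hosting-service domain list and the hidden-attribute flag value (FILE_ATTRIBUTE_HIDDEN = 0x2) are assumptions for the example; the signature-to-technique mapping follows the matrix.

```python
import re
from collections import Counter

# Constructed trace lines in a generic "API path/arguments" style. They stand in for
# a sandbox's per-task API log and are not taken from the report above.
SAMPLE_TRACE = [
    r"CreateFile write C:\Users\Public\Libraries\svchost_upd.exe",
    r"SetFileAttributes C:\Users\Public\Libraries\svchost_upd.exe attrs=0x2",
    r"RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\VCRuntime = C:\Users\Public\Libraries\svchost_upd.exe",
    r"CreateProcess C:\Users\Public\Libraries\svchost_upd.exe",
    r"GetFileAttributes C:\Windows\System32\vboxmrxnp.dll",
    r"GetFileAttributes C:\Windows\System32\VBoxHook.dll",
    r"HttpOpenRequest GET https://pastebin.com/raw/example",
]

RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)
VBOX_DLL = re.compile(r"\\vbox\w*\.dll\b", re.I)
FILE_ATTRIBUTE_HIDDEN = 0x2
# Illustrative list only; a production rule set is far longer.
HOSTING_SERVICES = ("pastebin.com", "discord.com", "github.com", "dropbox.com", "drive.google.com")


def classify(trace):
    """Return (signature, technique) pairs for every rule hit, in trace order.

    Rules are stateful where the signature needs it: "Executes dropped EXE" fires
    only when a process is created from a path the trace wrote earlier.
    """
    dropped = set()
    hits = []
    for line in trace:
        parts = line.split(None, 1)
        api, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        if api == "CreateFile" and rest.startswith("write "):
            dropped.add(rest[len("write "):].lower())
        elif api == "SetFileAttributes":
            m = re.search(r"attrs=(0x[0-9a-f]+)", rest, re.I)
            if m and int(m.group(1), 16) & FILE_ATTRIBUTE_HIDDEN:
                hits.append(("Sets file to hidden", "T1564.001"))
        elif api == "RegSetValue" and RUN_KEY.search(rest):
            hits.append(("Adds Run key to start application", "T1547.001"))
            hits.append(("Adds Run key to start application", "T1112"))
        elif api == "CreateProcess" and rest.lower() in dropped:
            hits.append(("Executes dropped EXE", None))   # no technique in the matrix
        elif api in ("GetFileAttributes", "FindFirstFile") and VBOX_DLL.search(rest):
            hits.append(("Enumerates VirtualBox DLL files", "T1497"))
        elif api.startswith("Http") and any(h in rest.lower() for h in HOSTING_SERVICES):
            hits.append(("Legitimate hosting services abused for malware hosting/C2", "T1102"))
    return hits


def technique_counts(hits):
    """Count distinct signatures per technique, so a rule firing twice counts once."""
    seen = {(sig, tid) for sig, tid in hits if tid}
    return Counter(tid for _, tid in seen)


if __name__ == "__main__":
    found = classify(SAMPLE_TRACE)
    for sig, tid in found:
        print(f"{tid or '-':>10}  {sig}")
    print(dict(technique_counts(found)))
```

The two VirtualBox lookups in the constructed trace produce two hits but one count, which is the behaviour to keep in mind when reading the numbers in the matrix: they summarise signatures, not individual API calls.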

Tasks