Overview

overview

10

Static

static

10

0a47f22ff1...b2.exe

windows7-x64

9

0a47f22ff1...b2.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    0a47f22ff100f5408188acc9368595749c38d95d0eac8a58c656eb8a2c86b4b2

  • Size

    1.3MB

  • Sample

    240420-w5pt4seg54

  • MD5

    b96e56c33076fd492487ac26e3525874

  • SHA1

    4635af8d94f1a3a97ae7a97961ae96c6f824e3cb

  • SHA256

    0a47f22ff100f5408188acc9368595749c38d95d0eac8a58c656eb8a2c86b4b2

  • SHA512

    2f485c0e567460c2265228b17abd7d5744874aeca4ce8568b8d620500b976c6d53dedd5420353052c82e4ec1330f4829900183c6d87e9abaddf478fac2739440

  • SSDEEP

    24576:LQI2rDc30x5tUewSFYndCfeI+GajylnGhj9EirEuaXmSmmzpITCrEH7A:LwzxbUJndWeMln8FrmXmSmaITG

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      0a47f22ff100f5408188acc9368595749c38d95d0eac8a58c656eb8a2c86b4b2

    • Size

      1.3MB

    • MD5

      b96e56c33076fd492487ac26e3525874

    • SHA1

      4635af8d94f1a3a97ae7a97961ae96c6f824e3cb

    • SHA256

      0a47f22ff100f5408188acc9368595749c38d95d0eac8a58c656eb8a2c86b4b2

    • SHA512

      2f485c0e567460c2265228b17abd7d5744874aeca4ce8568b8d620500b976c6d53dedd5420353052c82e4ec1330f4829900183c6d87e9abaddf478fac2739440

    • SSDEEP

      24576:LQI2rDc30x5tUewSFYndCfeI+GajylnGhj9EirEuaXmSmmzpITCrEH7A:LwzxbUJndWeMln8FrmXmSmaITG

    Score
    9/10
    evasionpersistenceupx

    • UPX dump on OEP (original entry point)

    • Blocklisted process makes network request

    • Modifies AppInit DLL entries

      persistence

    • Modifies Windows Firewall

      evasion

    • Sets file execution options in registry

      persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

3
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

Remote System Discovery

1
T1018

System Information Discovery

4
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks