Overview

overview

7

Static

static

7

loader.exe

windows7-x64

7

loader.exe

windows10-2004-x64

7

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    loader.exe

  • Size

    6.5MB

  • Sample

    240423-2x4aesce61

  • MD5

    5640e7c7fbbfa0134b74865a6d4737ea

  • SHA1

    82cb4c4440e9e3baab6b75994d94041e66830b3c

  • SHA256

    55ec88ada55c35967781c12ac60757e8e8f6257357cf5508cf17eca7a8acc123

  • SHA512

    3acea538d5910aee2faa1c954e927eefa9c606eb35637072e3f06601c5fe91cf95e8d3ca176ae5ecec8b1a1f017da867408a29b0a9e0d4c47085d439ce8a1342

  • SSDEEP

    196608:AMNTPY7QEbGXqEICteEroXGzlxZV3Gu5D4S26/CS32uTdq:BYkEhEInEroXC14S26Wuxq

Score
7/10
persistenceupx

Malware Config

Targets

    • Target

      loader.exe

    • Size

      6.5MB

    • MD5

      5640e7c7fbbfa0134b74865a6d4737ea

    • SHA1

      82cb4c4440e9e3baab6b75994d94041e66830b3c

    • SHA256

      55ec88ada55c35967781c12ac60757e8e8f6257357cf5508cf17eca7a8acc123

    • SHA512

      3acea538d5910aee2faa1c954e927eefa9c606eb35637072e3f06601c5fe91cf95e8d3ca176ae5ecec8b1a1f017da867408a29b0a9e0d4c47085d439ce8a1342

    • SSDEEP

      196608:AMNTPY7QEbGXqEICteEroXGzlxZV3Gu5D4S26/CS32uTdq:BYkEhEInEroXC14S26Wuxq

    Score
    7/10
    upxpersistence

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

    • Target

      main.pyc

    • Size

      3KB

    • MD5

      1f5417a43d885c7552d9e6a87226dd8d

    • SHA1

      67d9596dcf02a6ca56e799e97a03a8e2a0d1efd7

    • SHA256

      6e583aae6f1308ef016673ebdd42481567f24e5f8fc95b66a174b201d4ad0fe1

    • SHA512

      0707a122c3fba4d325dfa6cbfc6eb545938e4990661046a60a151e01b124bedafa9cc0b9f1ba969911570eeb497c05f1a63c8b76dc09f4944a427c1635998c7e

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks