Resubmissions

Submitted            Analysis ID           Score
24-04-2024 15:25     240424-stn7nacd51     10
24-04-2024 08:49     240424-kq1saagb75     10

General

  • Target

    Apex-Assistance.exe

  • Size

    52.2MB

  • Sample

    240424-kq1saagb75

  • MD5

    1cd59d223414ff2a957f9770152add96

  • SHA1

    5eb32548e5965a9790dcab56f5cf2c8bb39d4ded

  • SHA256

    f4e9a82bfe175d5700008cd6fbc453ba549e95b8ee03fcb421ece8744192cce8

  • SHA512

    6b45e3195aae4fbb3c52e6ec2781db46d7414787fd88dacbb03d5b4c2c3c5671cba4d626677edae9a4d5b9fb46de780a4796047d683a9593451ae67557b98a55

  • SSDEEP

    1572864:KCzFJGMK66POgIu64t11cJzr7FAOKNgaL18fW:hJJoAuuJf7FhzaLS

Malware Config

Targets

    • Target

      Apex-Assistance.exe


    • Modifies firewall policy service

    • UAC bypass

    • Creates new service(s)

    • Stops running service(s)

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      Setting another thread's context is a common step in process hollowing and similar code-injection techniques.
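As an added worked example (not part of this report and not the sandbox's own code), the following Python checks a file on disk against the hashes listed in the General section and applies the same kind of UPX heuristic the "UPX packed file" signature describes: it walks the PE section table looking for UPX0/UPX1 section names and falls back to the "UPX!" marker in the headers. The header-only PE builder at the end is a constructed test fixture, not a real sample.

```python
import hashlib
import struct

# Hashes copied from the General section of this report (Apex-Assistance.exe).
REPORT_HASHES = {
    "md5": "1cd59d223414ff2a957f9770152add96",
    "sha1": "5eb32548e5965a9790dcab56f5cf2c8bb39d4ded",
    "sha256": "f4e9a82bfe175d5700008cd6fbc453ba549e95b8ee03fcb421ece8744192cce8",
    "sha512": "6b45e3195aae4fbb3c52e6ec2781db46d7414787fd88dacbb03d5b4c2c3c5671cba4d626677edae9a4d5b9fb46de780a4796047d683a9593451ae67557b98a55",
}


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of a byte string, keyed like REPORT_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every hash in the report matches; one mismatch means a different file."""
    return hash_bytes(data) == REPORT_HASHES


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names, or [] if this is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    if coff + 20 > len(data):
        return []                                         # truncated header
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional                  # first IMAGE_SECTION_HEADER
    names = []
    for i in range(number_of_sections):
        off = table + i * 40                              # each section header is 40 bytes
        if off + 40 > len(data):
            break                                         # truncated section table
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic for stock UPX: UPX0/UPX1 section names or the 'UPX!' marker in the headers.
    A modified UPX that renames sections and patches the marker will slip past this check."""
    if any(name.upper().startswith("UPX") for name in pe_section_names(data)):
        return True
    return b"UPX!" in data[:0x1000]


def triage(data: bytes) -> dict:
    """One-shot summary a practitioner would log next to the report's IOCs."""
    return {
        "matches_report": matches_report(data),
        "sections": pe_section_names(data),
        "upx_packed": looks_upx_packed(data),
        "hashes": hash_bytes(data),
    }


def build_minimal_pe(section_names) -> bytes:
    """Constructed fixture: a header-only PE (not executable) with the given section names."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew -> "PE\0\0" at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(triage(fh.read()))
```

Run it as `python triage.py Apex-Assistance.exe` on a copy of the sample; a `matches_report` of False means the file in hand is not the one this report describes, whatever its name says.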

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                 Technique                            ID          Count
Persistence            Create or Modify System Process      T1543       3
                         Windows Service                    T1543.003   3
Privilege Escalation   Create or Modify System Process      T1543       3
                         Windows Service                    T1543.003   3
                       Abuse Elevation Control Mechanism    T1548       1
                         Bypass User Account Control        T1548.002   1
Defense Evasion        Modify Registry                      T1112       3
                       Abuse Elevation Control Mechanism    T1548       1
                         Bypass User Account Control        T1548.002   1
                       Impair Defenses                      T1562       2
                         Disable or Modify Tools            T1562.001   1
Credential Access      Unsecured Credentials                T1552       2
                         Credentials In Files               T1552.001   2
Discovery              Process Discovery                    T1057       1
                       Query Registry                       T1012       1
                       System Information Discovery         T1082       1
Collection             Data from Local System               T1005       2
Command and Control    Web Service                          T1102       1
Impact                 Service Stop                         T1489       1

Count is the number of matched signatures; indented rows are sub-techniques of the technique above them.
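The matrix maps the service-related signatures (creates and stops services, modifies the firewall policy service) to T1543.003, T1562.001 and T1489. As an added example, not the sandbox's or the sample's code and not derived from this report's task logs, the following Python correlates constructed Windows System-log records: a service installation (Event ID 7045) followed on the same host, within a short window, by a stop (Event ID 7036) of a defence-relevant service. The host names, installed-service names, image paths and timestamps are made up; MpsSvc, WinDefend and wscsvc are the real names of the Windows Defender Firewall, Microsoft Defender Antivirus and Security Center services.

```python
from datetime import datetime, timedelta

# Real Windows service names a defence-evasion rule cares about.
DEFENSE_SERVICES = {
    "MpsSvc": "Windows Defender Firewall",
    "WinDefend": "Microsoft Defender Antivirus",
    "wscsvc": "Windows Security Center",
}

# Constructed events shaped like System-log records (7045: service installed,
# 7036: service entered a state). Hosts, names, paths and times are invented.
SAMPLE_EVENTS = [
    {"time": "2024-04-24T08:49:30", "host": "WS01", "event_id": 7036,
     "service": "Spooler", "state": "running"},
    {"time": "2024-04-24T08:50:02", "host": "WS01", "event_id": 7045,
     "service": "UpdSvc", "image": "C:\\ProgramData\\upd\\svc.exe"},
    {"time": "2024-04-24T08:50:05", "host": "WS01", "event_id": 7036,
     "service": "MpsSvc", "state": "stopped"},
    {"time": "2024-04-24T08:51:10", "host": "WS02", "event_id": 7045,
     "service": "VMTools", "image": "C:\\Program Files\\VMware\\vmtoolsd.exe"},
    {"time": "2024-04-24T14:00:00", "host": "WS02", "event_id": 7036,
     "service": "WinDefend", "state": "stopped"},
]


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


def detect_service_tampering(events, window=timedelta(minutes=10)) -> list:
    """Pair each service install (7045) with a later stop (7036) of a defence service
    on the same host inside `window`; return one finding per pair with ATT&CK IDs."""
    installs = [e for e in events if e["event_id"] == 7045]
    stops = [e for e in events
             if e["event_id"] == 7036
             and e.get("state") == "stopped"
             and e["service"] in DEFENSE_SERVICES]
    findings = []
    for inst in installs:
        for stop in stops:
            if stop["host"] != inst["host"]:
                continue
            delta = _ts(stop["time"]) - _ts(inst["time"])
            if timedelta(0) <= delta <= window:      # stop must follow the install
                findings.append({
                    "host": inst["host"],
                    "new_service": inst["service"],
                    "image": inst.get("image"),
                    "stopped": f'{stop["service"]} ({DEFENSE_SERVICES[stop["service"]]})',
                    "seconds_apart": int(delta.total_seconds()),
                    "attack": ["T1543.003", "T1562.001", "T1489"],
                })
    return findings


if __name__ == "__main__":
    for finding in detect_service_tampering(SAMPLE_EVENTS):
        print(finding)
```

WS02 installs a service and later stops Defender, but hours apart, so the window keeps it out of the findings; a stop of a defence service on its own is still worth a lower-severity alert, the correlation only raises the priority.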

Tasks