General
Target: Apex-Assistance.exe
Size: 52.2MB
Sample: 240424-kq1saagb75
MD5: 1cd59d223414ff2a957f9770152add96
SHA1: 5eb32548e5965a9790dcab56f5cf2c8bb39d4ded
SHA256: f4e9a82bfe175d5700008cd6fbc453ba549e95b8ee03fcb421ece8744192cce8
SHA512: 6b45e3195aae4fbb3c52e6ec2781db46d7414787fd88dacbb03d5b4c2c3c5671cba4d626677edae9a4d5b9fb46de780a4796047d683a9593451ae67557b98a55
SSDEEP: 1572864:KCzFJGMK66POgIu64t11cJzr7FAOKNgaL18fW:hJJoAuuJf7FhzaLS
Behavioral task: behavioral1
Sample: Apex-Assistance.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: Apex-Assistance.exe
Resource: win10v2004-20240412-en
Malware Config
Targets
Target: Apex-Assistance.exe
Signatures:
- Modifies firewall policy service
- Creates new service(s)
- Stops running service(s)
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation:
- Create or Modify System Process: 3
- Windows Service: 3
- Abuse Elevation Control Mechanism: 1
- Bypass User Account Control: 1