Overview

overview

10

Static

static

7

ee73fc6bfd...f4.exe

windows7-x64

10

ee73fc6bfd...f4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee73fc6bfd4dc4be1e2df435ef91b8936048c64b6becafa087f67b1812aa64f4

  • Size

    22KB

  • Sample

    240425-fmrb8afg76

  • MD5

    a421d4db22bf09c8a91c1d1faed3ab25

  • SHA1

    72413e8f3a43820fb7b019ff1dc6c92ad34be1ae

  • SHA256

    ee73fc6bfd4dc4be1e2df435ef91b8936048c64b6becafa087f67b1812aa64f4

  • SHA512

    752556e02f30593b9d6bc85d9d5511dd74bad0befb64a15b414373d9be3a149b7f79be6f0ad2a492278cd8bc75c93d23360573ec607f17323e8d5b9edec3e3c6

  • SSDEEP

    384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXVB7M:rRkiLw3HsDSARGG/rM

Score
10/10
evasionpersistencetrojanupx

Malware Config

Targets

    • Target

      ee73fc6bfd4dc4be1e2df435ef91b8936048c64b6becafa087f67b1812aa64f4

    • Size

      22KB

    • MD5

      a421d4db22bf09c8a91c1d1faed3ab25

    • SHA1

      72413e8f3a43820fb7b019ff1dc6c92ad34be1ae

    • SHA256

      ee73fc6bfd4dc4be1e2df435ef91b8936048c64b6becafa087f67b1812aa64f4

    • SHA512

      752556e02f30593b9d6bc85d9d5511dd74bad0befb64a15b414373d9be3a149b7f79be6f0ad2a492278cd8bc75c93d23360573ec607f17323e8d5b9edec3e3c6

    • SSDEEP

      384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXVB7M:rRkiLw3HsDSARGG/rM

    Score
    10/10
    evasionpersistencetrojanupx

    • Windows security bypass

      evasiontrojan

    • Drops file in Drivers directory

    • Modifies Installed Components in the registry

      persistence

    • Sets file execution options in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Windows security modification

      evasiontrojan

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

3
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

5
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks