Overview

overview

7

Static

static

3

0d7aaf278f...90.exe

windows7-x64

7

0d7aaf278f...90.exe

windows7-x64

7

0d7aaf278f...90.exe

windows10-1703-x64

7

0d7aaf278f...90.exe

windows10-2004-x64

7

0d7aaf278f...90.exe

windows11-21h2-x64

7

Resubmissions

26-04-2024 07:18

240426-h44pzsbe74 7

26-04-2024 07:18

240426-h44d8abd9t 10

26-04-2024 07:18

240426-h43spabd9s 8

26-04-2024 07:18

240426-h4266abd81 10

26-04-2024 07:18

240426-h419vsbd8x 7

25-04-2024 12:57

240425-p6157sah4x 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0d7aaf278f5b8cff257702f9fd344fa7547d9901c4ec1ae8742954e827026e90

  • Size

    1.8MB

  • Sample

    240426-h44pzsbe74

  • MD5

    aa053cf4ed948fec79703debbb45fbbf

  • SHA1

    5911604358446df9ebf3397dbb6ebf82628ba7a7

  • SHA256

    0d7aaf278f5b8cff257702f9fd344fa7547d9901c4ec1ae8742954e827026e90

  • SHA512

    dfcb6edba8ef8ebf66316f1e68d2ce9a4ce45c6f03cdd94821673b75e075a3ccbc0767cf4cb8b3b3d4bd14df28f8122dadf0c433f8471a0502e01bd8b66287fd

  • SSDEEP

    24576:iQX9+3Y1m2M/++RBu4dZxuOxYyWelVrMGROcxRvhqvETcq6+aic+eKZELRMBk:HTk29zXODWevrMItxhhqvt+k+eKZE9G

Score
7/10
discoverymotwpersistencephishingupx

Malware Config

Targets

    • Target

      0d7aaf278f5b8cff257702f9fd344fa7547d9901c4ec1ae8742954e827026e90

    • Size

      1.8MB

    • MD5

      aa053cf4ed948fec79703debbb45fbbf

    • SHA1

      5911604358446df9ebf3397dbb6ebf82628ba7a7

    • SHA256

      0d7aaf278f5b8cff257702f9fd344fa7547d9901c4ec1ae8742954e827026e90

    • SHA512

      dfcb6edba8ef8ebf66316f1e68d2ce9a4ce45c6f03cdd94821673b75e075a3ccbc0767cf4cb8b3b3d4bd14df28f8122dadf0c433f8471a0502e01bd8b66287fd

    • SSDEEP

      24576:iQX9+3Y1m2M/++RBu4dZxuOxYyWelVrMGROcxRvhqvETcq6+aic+eKZELRMBk:HTk29zXODWevrMItxhhqvt+k+eKZE9G

    Score
    7/10
    persistenceupxdiscoverymotwphishing

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

      phishingmotw

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4behavioral5

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Network Service Discovery

1
T1046

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks