6e785b074434cc4962019d4c2435199a72ec2f8c17f6b1375fcacbc4d7ce22fd | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Black Worm....5.exe

windows10-1703-x64

8

Sharing

General

Target

Black Worm Generator v3.5.exe
Size

56.5MB
Sample

240521-tvvaqsbe92
MD5

f6a1ce8285cb532467fe1b1c6a1bbc8c
SHA1

94a29ce6b45d60266cbb356841f1917ef972764b
SHA256

6e785b074434cc4962019d4c2435199a72ec2f8c17f6b1375fcacbc4d7ce22fd
SHA512

5fb7820e5f095fa993209e7cea72562aafc1b31e31dfc4f3f9b3518b76aa52295104d39613742f7e9dfd0572ff90b1fe6490296b19dcf5c31fde512a92711173
SSDEEP

1572864:oWIK4eCj96srs6RZXQ/pVuc7plcZZhQNEhCWdLDzRCVtQ:mK4eCYJCI3BplcZZUO1dLj

Score

8^/10

evasion execution persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Black Worm Generator v3.5.exe

Resource

win10-20240404-en

evasion execution persistence upx

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  Black Worm Generator v3.5.exe
- Size
  
  56.5MB
- MD5
  
  f6a1ce8285cb532467fe1b1c6a1bbc8c
- SHA1
  
  94a29ce6b45d60266cbb356841f1917ef972764b
- SHA256
  
  6e785b074434cc4962019d4c2435199a72ec2f8c17f6b1375fcacbc4d7ce22fd
- SHA512
  
  5fb7820e5f095fa993209e7cea72562aafc1b31e31dfc4f3f9b3518b76aa52295104d39613742f7e9dfd0572ff90b1fe6490296b19dcf5c31fde512a92711173
- SSDEEP
  
  1572864:oWIK4eCj96srs6RZXQ/pVuc7plcZZhQNEhCWdLDzRCVtQ:mK4eCYJCI3BplcZZUO1dLj
Score

8^/10

evasion execution persistence upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Creates new service(s)
  persistence execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistenceupx

© 2018-2024

Terms | Privacy