d14ee261ed6c5dddc1900587c455991defe0f49c1da1172d7f8f1e163309d3e8

Sharing

Copy URL

Twitter E-mail

General

Target

3f58da2e1652dddab53995166f24993f.exe
Size

877KB
Sample

240712-jmjtxswhrc
MD5

3f58da2e1652dddab53995166f24993f
SHA1

1721c19909c2309398d5174f9fcb2abcff51e862
SHA256

d14ee261ed6c5dddc1900587c455991defe0f49c1da1172d7f8f1e163309d3e8
SHA512

ece1950851e0724f465471cfd50021f0c13642f66753c56bb77c91e6db972032ce272286f2d51f5c87edb61b806cd8a21458286f8bd1b799821526966b10dca1
SSDEEP

24576:MGxOacf/CoFPz8s43+ae4Y9hJ9HFtMr6lLwLkM0VP90ef2:XxyCoZz943+YaJNFtM+5wL3AP912

Score

10^/10

Malware Config

Targets

- Target
  
  3f58da2e1652dddab53995166f24993f.exe
- Size
  
  877KB
- MD5
  
  3f58da2e1652dddab53995166f24993f
- SHA1
  
  1721c19909c2309398d5174f9fcb2abcff51e862
- SHA256
  
  d14ee261ed6c5dddc1900587c455991defe0f49c1da1172d7f8f1e163309d3e8
- SHA512
  
  ece1950851e0724f465471cfd50021f0c13642f66753c56bb77c91e6db972032ce272286f2d51f5c87edb61b806cd8a21458286f8bd1b799821526966b10dca1
- SSDEEP
  
  24576:MGxOacf/CoFPz8s43+ae4Y9hJ9HFtMr6lLwLkM0VP90ef2:XxyCoZz943+YaJNFtM+5wL3AP912
Score

10^/10

evasion execution trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies Windows Defender notification settings
  evasion trojan
- Modifies security service
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SelfDel.dll
- Size
  
  5KB
- MD5
  
  e5786e8703d651bc8bd4bfecf46d3844
- SHA1
  
  fee5aa4b325deecbf69ccb6eadd89bd5ae59723f
- SHA256
  
  d115bce0a787b4f895e700efe943695c8f1087782807d91d831f6015b0f98774
- SHA512
  
  d14ad43a01db19428cd8ccd2fe101750860933409b5be2eb85a3e400efcd37b1b6425ce84e87a7fe46ecabc7b91c4b450259e624c178b86e194ba7da97957ba3
- SSDEEP
  
  96:NdekHUj5z13cPopei+Ml9PNDFbS7xg+TScrQ5:NdeuU9xcPopr+M9FbSS+TSE
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  7KB
- MD5
  
  b4579bc396ace8cafd9e825ff63fe244
- SHA1
  
  32a87ed28a510e3b3c06a451d1f3d0ba9faf8d9c
- SHA256
  
  01e72332362345c415a7edcb366d6a1b52be9ac6e946fb9da49785c140ba1a4b
- SHA512
  
  3a76e0e259a0ca12275fed922ce6e01bdfd9e33ba85973e80101b8025ef9243f5e32461a113bbcc6aa75e40894bb5d3a42d6b21045517b6b3cf12d76b4cfa36a
- SSDEEP
  
  96:JwzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuH0DQ:JTQHDb2vSuOc41ZfUNQZGdHM
Score

3^/10
behavioral5 behavioral6
- Target
  
  $_32_/PowerRun64.exe
- Size
  
  923KB
- MD5
  
  efe5769e37ba37cf4607cb9918639932
- SHA1
  
  f24ca204af2237a714e8b41d54043da7bbe5393b
- SHA256
  
  5f9dfd9557cf3ca96a4c7f190fc598c10f8871b1313112c9aea45dc8443017a2
- SHA512
  
  33794a567c3e16582da3c2ac8253b3e61df19c255985277c5a63a84a673ac64899e34e3b1ebb79e027f13d66a0b8800884cdd4d646c7a0abe7967b6316639cf1
- SSDEEP
  
  24576:X2DW/xbMX2YIbxQsu3/PNLoQ+HyS2I4jRk:X2EgXoQsW/PNUQWnX4jRk
Score

4^/10
behavioral7 behavioral8
- Target
  
  $_32_/SetACL64.exe
- Size
  
  601KB
- MD5
  
  1fb64ff73938f4a04e97e5e7bf3d618c
- SHA1
  
  aa0f7db484d0c580533dec0e9964a59588c3632b
- SHA256
  
  4efc87b7e585fcbe4eaed656d3dbadaec88beca7f92ca7f0089583b428a6b221
- SHA512
  
  da6007847ffe724bd0b0abe000b0dd5596e2146f4c52c8fe541a2bf5f5f2f5893dccd53ef315206f46a9285ddbd766010b226873038ccac7981192d8c9937ece
- SSDEEP
  
  12288:3G2NBTh+l8gAqAbdsuEa3nZGSebY7o937bfJ9Ud:3xNBTYlaLdaynZGBc7orbJ9Ud
Score

1^/10
behavioral10 behavioral9
- Target
  
  $_32_/cabweejcuqvpws.exe
- Size
  
  5KB
- MD5
  
  6b1213639bc5ffc4f1af8c17420d4b1f
- SHA1
  
  ee2d622099fb19a8ed7e1c6137f60ac86fa65486
- SHA256
  
  1fa9e2264b4954f01a83f6a4e8bc7982516091e0fb0c6a2f6154fa87164148b7
- SHA512
  
  03a81297f140b0428636452075c1465d895485268ba243b03562495a5ff46cd392ef8d1a13d0c738d2cf3b560d0ef73afcc63f210b3bdbf4d931e2e204cf4498
- SSDEEP
  
  48:6isDgDtjQHbc6akyAnx2mMM4ife1QivkZZtMlDIra569FHpfbNtm:X1JQpjVfeT1+fzNt
Score

1^/10
behavioral11 behavioral12
- Target
  
  $_32_/p64.bat
- Size
  
  12KB
- MD5
  
  1abf8067994181b1a38867bf6437f9d2
- SHA1
  
  d25e23848f65b85f0f21e9a0a69e4268b625eca2
- SHA256
  
  23bbb732ff55ab62dc8863a69626ef5655f60bf0d7b96fa2818a895e81283b40
- SHA512
  
  6237826de2feaf63c2f1312680118474f9b60f5516a05e171743a09a088d7c9bfd06ce9de17852e6f4c2dcb577814163621ff27b2a7bbb37f2a1ae130f64d882
- SSDEEP
  
  192:lBoBaf8nBftOMBzALyeKv9eA3sQlxRyEiLivnzA6fFrs3qUEGA6oh/HbzBBzKF6a:QK
Score

10^/10

evasion execution trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies Windows Defender notification settings
  evasion trojan
- Modifies security service
  evasion
behavioral13 behavioral14
- Target
  
  $_32_/win_version_csharp.exe
- Size
  
  6KB
- MD5
  
  7cb364701028767f8942cc3f8439f8f2
- SHA1
  
  d6bede2206b7042b4cae32f416e1b43ffac94238
- SHA256
  
  a2716605f8dd1930808e6918db670a3fe32287791862883dbabd26849b87b09e
- SHA512
  
  3011b3d64f79280ab05de9658c4f5a13f637ad2e79d5770cfaeb3af6cb8c7a56b610dad69fdf295112be64cfb80e18f30bb1829eb3c0e549105f63d0e770dc13
- SSDEEP
  
  96:/uidPNKO2mkcQ7DBOrkB0kPkKXwF4dkd8Nue3qYMns1BjgtRQWWzNt:FIOu7DBOrkB0kPkKXwF4dkd8Nn34nUBR
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies Windows Defender Real-time Protection settings

Modifies Windows Defender notification settings

Modifies security service

Executes dropped EXE

Loads dropped DLL

Windows security modification

ACProtect 1.3x - 1.4x DLL software

UPX packed file

Modifies Windows Defender Real-time Protection settings

Modifies Windows Defender notification settings

Modifies security service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16