Overview

overview

10

Static

static

3

1b251af519...0N.exe

windows7-x64

10

1b251af519...0N.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    1b251af519386823ce936c4742f4e720N.exe

  • Size

    2.0MB

  • Sample

    240722-15w1ms1ekd

  • MD5

    1b251af519386823ce936c4742f4e720

  • SHA1

    0b0642e2bf889a7fb54d4808096f4fc307be465f

  • SHA256

    bcc741194a70a982ad991d85beb39c94dccb0a61c45780bdb566d7fa52627f88

  • SHA512

    62bce0c4acd4bbe30e28d2a8a2b11841d66a04d2a55682a0414954aab476567bb2ed94642f1c501b7615b85ee90c7d5562265b33dd190be19d11feb6820325f4

  • SSDEEP

    24576:du5anSoIjXdVtTj2i64T+jdxQCfgOFD3WSwd2QtBBw6xxhVxQtmibjOhZaiRu/4k:BrI5bTChxKCnFnQXBbrtgb/iQvu0UHO

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      1b251af519386823ce936c4742f4e720N.exe

    • Size

      2.0MB

    • MD5

      1b251af519386823ce936c4742f4e720

    • SHA1

      0b0642e2bf889a7fb54d4808096f4fc307be465f

    • SHA256

      bcc741194a70a982ad991d85beb39c94dccb0a61c45780bdb566d7fa52627f88

    • SHA512

      62bce0c4acd4bbe30e28d2a8a2b11841d66a04d2a55682a0414954aab476567bb2ed94642f1c501b7615b85ee90c7d5562265b33dd190be19d11feb6820325f4

    • SSDEEP

      24576:du5anSoIjXdVtTj2i64T+jdxQCfgOFD3WSwd2QtBBw6xxhVxQtmibjOhZaiRu/4k:BrI5bTChxKCnFnQXBbrtgb/iQvu0UHO

    Score
    10/10
    evasionpersistenceupx

    • Modifies WinLogon for persistence

      persistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Disables use of System Restore points

      evasion

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

5
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

1
T1490

Tasks