Overview

overview

8

Static

static

7

82815a61bc...ad.exe

windows7-x64

8

82815a61bc...ad.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    82815a61bc735854e035eb3eb9ee9b6e30293c2dde9191bd7e25a2870d7f91ad

  • Size

    6.6MB

  • Sample

    240809-fqn19s1blg

  • MD5

    6ec1efa85155caab6391b7e0c8327333

  • SHA1

    0eb2367eef8e9e811faa2dbb244a950d74becf3d

  • SHA256

    82815a61bc735854e035eb3eb9ee9b6e30293c2dde9191bd7e25a2870d7f91ad

  • SHA512

    bbf62a722de0fbd243b73c847a20db8f05574525a93ac73138230522dc9a643fd0a86721fab3fa3fbee2696c0a3a3a551870c7c9bc0d82a8d26eeb8ed47f3a86

  • SSDEEP

    196608:NLljZEve2hHDDrBg1+2dnn8RX23Ggta2j:NVZsek1g1+kneXWj

Score
8/10
discoveryevasionexecutionpersistenceprivilege_escalationupx

Malware Config

Targets

    • Target

      82815a61bc735854e035eb3eb9ee9b6e30293c2dde9191bd7e25a2870d7f91ad

    • Size

      6.6MB

    • MD5

      6ec1efa85155caab6391b7e0c8327333

    • SHA1

      0eb2367eef8e9e811faa2dbb244a950d74becf3d

    • SHA256

      82815a61bc735854e035eb3eb9ee9b6e30293c2dde9191bd7e25a2870d7f91ad

    • SHA512

      bbf62a722de0fbd243b73c847a20db8f05574525a93ac73138230522dc9a643fd0a86721fab3fa3fbee2696c0a3a3a551870c7c9bc0d82a8d26eeb8ed47f3a86

    • SSDEEP

      196608:NLljZEve2hHDDrBg1+2dnn8RX23Ggta2j:NVZsek1g1+kneXWj

    Score
    8/10
    discoveryevasionexecutionpersistenceprivilege_escalationupx

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Network Share Discovery

1
T1135

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

Remote System Discovery

1
T1018

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks