Overview

overview

10

Static

static

5

93c8e9c4c1...81.exe

windows7-x64

10

93c8e9c4c1...81.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    93c8e9c4c18ca12fc6922184ec69fd2505d883388543f394d6bc482dcb0b4881

  • Size

    10.1MB

  • Sample

    241004-hz21lavdma

  • MD5

    393735adc6ad7f82488ead270e7ff721

  • SHA1

    5dc754f67bb3e1d1e848c887a646193d1efe2b39

  • SHA256

    93c8e9c4c18ca12fc6922184ec69fd2505d883388543f394d6bc482dcb0b4881

  • SHA512

    7fdbffde3a98b8094f4936b34014e287912de33280ecb608f9e8b22865fd1fd5b9863623349eaa331d1c0304345565c4da7a75e97dc22b26279ecfd320c5aaba

  • SSDEEP

    196608:LrzaSGmAHoVSdZVFCRFCEos0k5hOlSgGG3v83zMGJuhIaKQX:XAEqLe5JuWa

Score
10/10
discoveryevasionpersistenceprivilege_escalationtrojanupx

Malware Config

Targets

    • Target

      93c8e9c4c18ca12fc6922184ec69fd2505d883388543f394d6bc482dcb0b4881

    • Size

      10.1MB

    • MD5

      393735adc6ad7f82488ead270e7ff721

    • SHA1

      5dc754f67bb3e1d1e848c887a646193d1efe2b39

    • SHA256

      93c8e9c4c18ca12fc6922184ec69fd2505d883388543f394d6bc482dcb0b4881

    • SHA512

      7fdbffde3a98b8094f4936b34014e287912de33280ecb608f9e8b22865fd1fd5b9863623349eaa331d1c0304345565c4da7a75e97dc22b26279ecfd320c5aaba

    • SSDEEP

      196608:LrzaSGmAHoVSdZVFCRFCEos0k5hOlSgGG3v83zMGJuhIaKQX:XAEqLe5JuWa

    Score
    10/10
    discoveryevasionpersistenceprivilege_escalationtrojanupx

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Power Settings

1
T1653

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

3
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

2
T1562.001

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks