daf23fe9c7bf31cd3a54c81b9b719531e8a2635d7ba30b570dc0e4259222fc70 | Triage

Sharing

General

Target

daf23fe9c7bf31cd3a54c81b9b719531e8a2635d7ba30b570dc0e4259222fc70
Size

1.1MB
Sample

241009-sf8ddaxepm
MD5

f78b9ec56ec20f9b954053279cfce097
SHA1

e93020b9f856c199556b121287cc528d659af848
SHA256

daf23fe9c7bf31cd3a54c81b9b719531e8a2635d7ba30b570dc0e4259222fc70
SHA512

758df020a4b7afff02756c7da6b118a1d633f03debcbfcb77fb47d95f124455f174240d7a4031cbde21a308a2bea25ba19486ed95f8e1add5f2ff882bbe5c143
SSDEEP

24576:9HnjKp3YMe+HMQFmgP1UULAuURg++evub3ZvlZyMBdY/VsZZZ:9DKpde+sqmiA5Ftvub3Zvloz/V4ZZ

Score

8^/10

evasion execution persistence upx

Malware Config

Targets

- Target
  
  zapret-discord-youtube-main/WinDivert.dll
- Size
  
  46KB
- MD5
  
  b2014d33ee645112d5dc16fe9d9fcbff
- SHA1
  
  aa69498562d350f2de06954b133e59fac1e57002
- SHA256
  
  c1e060ee19444a259b2162f8af0f3fe8c4428a1c6f694dce20de194ac8d7d9a2
- SHA512
  
  37014a018b9cd91b2eaeeccc7c5af3838fcae4d4fe6bb50c7ae32cd5c99423965a3e3efb29499324f6885b8f0c2ee2952cb75ab73db4e8960811abcb46801f15
- SSDEEP
  
  768:Qjf2rf/kxpxI+JEw2VWHDDjQSQX4zTtllgwBqWocwTicI:YuT/CXHDvVQatonTic
Score

1^/10
behavioral1 behavioral2
- Target
  
  zapret-discord-youtube-main/WinDivert64.sys
- Size
  
  91KB
- MD5
  
  89ed5be7ea83c01d0de33d3519944aa5
- SHA1
  
  4c9b9c74529399abacc2284de1dead5f2332ee9b
- SHA256
  
  8da085332782708d8767bcace5327a6ec7283c17cfb85e40b03cd2323a90ddc2
- SHA512
  
  be6530fa0e26441441028b530cd6fc4f900448916e137f92613a1f886c16399d415ddd17f7f8847258cc19c63b1510f2f3068942203c50486e48eed838f9f138
- SSDEEP
  
  1536:AsmCCzg4Klt7jh//NiRMwoGK0tmdsAXixJz48dJ/zuXR:Atzilt/iR5ojGmdsAXoz4k/8R
Score

1^/10
behavioral3
- Target
  
  zapret-discord-youtube-main/cygwin1.dll
- Size
  
  998KB
- MD5
  
  c50b50303fae4afe7248307339a00d13
- SHA1
  
  1b4a3f7666172809bd0d88f793ee855bd4b92938
- SHA256
  
  712c39a069541afa69cfcbe01b422bd67b4201eee7e94cc1327d4ed8b4fa2167
- SHA512
  
  123d06a0a5f891851e372881860b9d7fb8c453dcdbbca5970b9b2bf205f08f0a724595c6892f4afbbb4f85292a886dddffbf0d36dfe18d4b6eea7a5d12451762
- SSDEEP
  
  24576:YbYJZPZf7KMuiA7Q4lsXBmStxacrFhG+wTGiPoy1u7MHltI:YAZfmM/A7Uk6xhpmGkoy1u7MH0
Score

5^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral4 behavioral5
- Target
  
  zapret-discord-youtube-main/discord.bat
- Size
  
  664B
- MD5
  
  92bd2198b52fa1f69424fb254ef69e2a
- SHA1
  
  36c3337c3b37f464f1fe2a9e75bc8788451cc334
- SHA256
  
  16fc3b522c9b55c53097a58dda7757343838e2a75c351039986e9886c34eebbc
- SHA512
  
  54ca7572dd67c92550176537cb5ad3fbd8ec9eed2f2b3a71015412a7f817f2f36ecb091efd65bd7e6e734a7b7f7d6997b6282282b82de2fd6e435b6567e2a440
Score

5^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral6 behavioral7
- Target
  
  zapret-discord-youtube-main/discord_youtube.bat
- Size
  
  868B
- MD5
  
  d142d810c39ba859f5904d4cc3386eb2
- SHA1
  
  c6b5c3550698460dca3fa414cdafe01ab971cea8
- SHA256
  
  5a65fa4a71d1f759fb8f8f00f62ea3ad1470a6b863632ab0ae8cadce99addde7
- SHA512
  
  2a07d7546a7fd47f9de2338c94bfe3c23692e55de419fbca753dd01dd257e609a6d6ff48fbd221095dc5eac86e50fd9f3ed95893aa615486cf0a566f052bdc87
Score

5^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral8 behavioral9
- Target
  
  zapret-discord-youtube-main/service_discord.bat
- Size
  
  941B
- MD5
  
  22b7b6c45e0daee0b4c57976b7b97715
- SHA1
  
  2d18198d5a7d37fb9a2e843a3b20c11e1b11868c
- SHA256
  
  34bf9086637dc144cc3af3d93717f907e7e80a0545fc07e868f4c923496c4d50
- SHA512
  
  bc8e1ee0e00598e53bd8264dd3179eccd0cb24d90cdf92a25274703d42fc04f47f7d3efb9b9f5e389a47cb9164df29ec05fa5475b7774304ad171ffaef87a19b
Score

8^/10

evasion execution persistence upx
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral10 behavioral11
- Target
  
  zapret-discord-youtube-main/service_discord_youtube.bat
- Size
  
  1KB
- MD5
  
  03eb7e8bb876160ad50c8cb667f6947d
- SHA1
  
  f71cd62fa93790f74eafd2232f187569d9cc2ef8
- SHA256
  
  330765de2f44a6fae7170aa9d64f7631641bfa16480d7009fa9bd1046f6051f9
- SHA512
  
  26ff1705c9f96bc3411e0407898dc6c421763d0ca15465ca66c15477433d9c8596c1eee94ddff8ddb588cdeaadea09d0c6b7a3719c911bf59859eddaa40608d9
Score

8^/10

evasion execution persistence upx
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral12 behavioral13
- Target
  
  zapret-discord-youtube-main/service_remove.bat
- Size
  
  65B
- MD5
  
  2b13379ee5f8beb73328aaad75595a37
- SHA1
  
  c6684a0bf1df59e315c97d0f3ef677937aaefd71
- SHA256
  
  f014eadf2e5b66b44cf2806bfa06ce91f156f86f823e7a6be279bb757a9103f7
- SHA512
  
  faa5c34d60b987611bf76be6cfcec1bc3452f1a89aba1f081bb0ed8ba4b8d6f1502105a54143d10b31bc41958ec79a84d16611618e55c8b40a551e7ceb621fb4
Score

8^/10

evasion execution
- Stops running service(s)
  evasion execution
behavioral14 behavioral15
- Target
  
  zapret-discord-youtube-main/winws.exe
- Size
  
  234KB
- MD5
  
  8c624e64742bc19447d52f61edec52db
- SHA1
  
  1e700e2dd61b5d566a651433dc86bd95a6d54449
- SHA256
  
  13fd7a9c6f7c98239a61a212f69211a0f19159b2e8cdae8b1efc57d35cdcd5ad
- SHA512
  
  f676f7aa863fd13494186d4be597c19e49dc8245f6a98a2e9e2f1d09aa9e4cbf7a87c552e49359347b24b46cd1eddfb6edcfcbd6f4ff4d24888831ff182c952a
- SSDEEP
  
  3072:v8eKEoQ4poZkFUIIggeAtqCijmtvzb20QTE7Eh2mS89QB+5Us6V:vtp5GoZ7+VAtqw7S0R7E9Ou8V
Score

5^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral16 behavioral17

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

evasionexecutionpersistenceupx

behavioral11

evasionexecutionpersistenceupx

behavioral12

evasionexecutionpersistenceupx

behavioral13

evasionexecutionpersistenceupx

behavioral14

evasionexecution

behavioral15

evasionexecution

behavioral16

behavioral17