Overview

overview

8

Static

static

1

files/convert.sh

ubuntu-18.04-amd64

1

files/convert.sh

debian-9-armhf

1

files/convert.sh

debian-9-mips

1

files/convert.sh

debian-9-mipsel

1

files/conv...plugin

ubuntu-18.04-amd64

1

files/conv...plugin

debian-9-armhf

1

files/conv...plugin

debian-9-mips

1

files/conv...plugin

debian-9-mipsel

1

files/depends_win.ps1

windows7-x64

3

files/depends_win.ps1

windows10-2004-x64

8

uup_download_linux.sh

ubuntu-18.04-amd64

1

uup_download_linux.sh

debian-9-armhf

1

uup_download_linux.sh

debian-9-mips

1

uup_download_linux.sh

debian-9-mipsel

1

uup_download_macos.sh

ubuntu-18.04-amd64

1

uup_download_macos.sh

debian-9-armhf

1

uup_download_macos.sh

debian-9-mips

1

uup_download_macos.sh

debian-9-mipsel

1

uup_downlo...ws.cmd

windows7-x64

3

uup_downlo...ws.cmd

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8011189f1c05d2018825f0cebaae4e775d6f84656c5c28020426707bc51b7478

  • Size

    20KB

  • Sample

    241014-ak5h6sxhjp

  • MD5

    e4d2b9e387567124fa047b0562b11685

  • SHA1

    6c365f3132cde63e9e225fa721e30aad6cedbd6e

  • SHA256

    8011189f1c05d2018825f0cebaae4e775d6f84656c5c28020426707bc51b7478

  • SHA512

    7ab0951f804750647f41a08855afb73716396cc020beba03ef45a6af9cd9981df946a77ab9d5a74e0347dbb46d3963da34e3af0192f7c5dd2eaabf6d674a7220

  • SSDEEP

    384:KacCO9PtPmJQ6Ntg+QrN2NGORBTxyjyy4F1FILWVyT57OloTv3I5M9Ash2PGAFzE:KacCUpYQrQBTxyjdAip540v3I5IAq

Score
8/10
discoveryexecutionlinuxupx

Malware Config

Targets

    • Target

      files/convert.sh

    • Size

      18KB

    • MD5

      570ebec772a284ccbb30cb84fcc2afa0

    • SHA1

      fcacd5161987b4f23e62efb4bf6b1bd9de244429

    • SHA256

      689ba88620ae9e49d370341422ece227fd3f08014a0b6f3e302e9528648ff4ab

    • SHA512

      3f0d8edf82263cad36cf5fb02a3da2a69a9b174513fe50aa62c187138904870b715c0bbe585237be47f1bbee7bb24ca28fd4d55a33d873400e4c9f210402e8e7

    • SSDEEP

      192:w4Cb/pQoRDnBUGlIcjvaSPlJu7EeDupgWiaKCZPFJoY8WFlvcFOes/qy5WGo9zmU:w4qQoAGllUYe6q6JcoesyyO9+JIp

    Score
    1/10
    behavioral1behavioral2behavioral3behavioral4

    • Target

      files/convert_ve_plugin

    • Size

      79KB

    • MD5

      b35a8b5a0fbb6eeee73a20cf925dabf8

    • SHA1

      34d80739819cf13be9b9ff6af83ada0e4d6eb8e4

    • SHA256

      02db2f5f2caf742daa6aeaa189d9af27775e8457db48fadd8d71bb1be5982eae

    • SHA512

      e5e2a9b1d3f922fea0df90df70a93841c243cb586fb6ff1b549ed2c669df46a00b2a82f77641be65b32e0bec22950026efbc4da7250a130613b5b9739407354f

    • SSDEEP

      384:6O5vmF9cUYSzm4toUNLnRuG0Vi6IUSpT66FzqITIP6uyyFjK4BTtSOd3//ONNBvs:3Ipm/wTSK8vuLvs

    Score
    1/10
    behavioral5behavioral6behavioral7behavioral8

    • Target

      files/depends_win.ps1

    • Size

      2KB

    • MD5

      912a3d024dbc29eca76158d8dde91b3a

    • SHA1

      a884228e290d86143fd011c46cac9b508fcfa9a0

    • SHA256

      b49d299db82b5658d13ef08c5ea98eded5f8b248e8c760b2e2fddb3b7b919bf1

    • SHA512

      4c2687d2140cec5f9c36aead131aa9b21721dfd48771dfb09f61bf7030d980c78447bb7d03958cec93ea1aac30acecc3cab3f0ba9bd6f60330d11d3feef2a575

    Score
    8/10
    execution

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    behavioral10behavioral9

    • Target

      uup_download_linux.sh

    • Size

      2KB

    • MD5

      63217bb94de445fa992eb4b9c557d883

    • SHA1

      aae72fb09cdb3009d1085999f91393facfeea9ea

    • SHA256

      eb44ed830ecf5b57cb5120a09990f53441c83ec47c7967c771dad822c8607aec

    • SHA512

      89554b25ab05bc6b91c85dadad3e1a313f70bd1c275e76a32857d8758f9a805f840afded7b3171c526d6816a9da90e56ca810eff986d3229a68efe0e1275d248

    Score
    1/10
    behavioral11behavioral12behavioral13behavioral14

    • Target

      uup_download_macos.sh

    • Size

      2KB

    • MD5

      63217bb94de445fa992eb4b9c557d883

    • SHA1

      aae72fb09cdb3009d1085999f91393facfeea9ea

    • SHA256

      eb44ed830ecf5b57cb5120a09990f53441c83ec47c7967c771dad822c8607aec

    • SHA512

      89554b25ab05bc6b91c85dadad3e1a313f70bd1c275e76a32857d8758f9a805f840afded7b3171c526d6816a9da90e56ca810eff986d3229a68efe0e1275d248

    Score
    1/10
    behavioral15behavioral16behavioral17behavioral18

    • Target

      uup_download_windows.cmd

    • Size

      4KB

    • MD5

      e3ad92a7fe0fa5e41e31b4ec5bdd9ee6

    • SHA1

      a8e132ddc983eb592a0d7ceeef69f7d3ad85018d

    • SHA256

      69e7617edabf6f9ce8f1180a7b9d0f943bd260dca25aaa63e5abd4973c85d8f6

    • SHA512

      458389e06733c6132d5e81a8e61f25c4a9c64047252593e1398ac6195f679d3247f40496c0c678f4f2a71ece28e7088a387fab7f4eb3d1d0ba63b9814468ddcf

    • SSDEEP

      48:lA29vuGyjrk7PLhPsjFHSUGQ0vtnXHzFiuEJ/mxOh8U7I56YUXQxOh8U7I56YjH/:lZw3m8sQoqJ+xOHsQYUXQxOHsQYb/

    Score
    8/10
    executiondiscoveryupx

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral19behavioral20

MITRE ATT&CK Enterprise v15

Tasks