Overview

overview

10

Static

static

5

Extreme_V4.2.exe

windows10-ltsc 2021-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Extreme_V4.2.exe

  • Size

    44KB

  • Sample

    241206-3hgcsatmfz

  • MD5

    42543291c63df7ea7c65ecb6577f915a

  • SHA1

    8ea6dac698bd1f222406247267d251bc752b0ec2

  • SHA256

    49aa63c8ffb77bae81987916b809f168442807c87de01f7baa01b430a28a669f

  • SHA512

    c98514fcf6e8b8f8b53793ce9ed773d78ba3aee7411c7a35fd8c047dda6def5556d36582138159f418744410242f10f3a6cdc91723e572b664478e61ef643523

  • SSDEEP

    768:GoVzlbz8pRftp9hNsOjz4td8n07CO0f8cbFX36F8nbcuyD7U:FNlbuRfbF/jzeq0eO00oaCnouy8

Score
10/10
discoveryevasionexecutionlateral_movementpersistencetrojanupx

Malware Config

Targets

    • Target

      Extreme_V4.2.exe

    • Size

      44KB

    • MD5

      42543291c63df7ea7c65ecb6577f915a

    • SHA1

      8ea6dac698bd1f222406247267d251bc752b0ec2

    • SHA256

      49aa63c8ffb77bae81987916b809f168442807c87de01f7baa01b430a28a669f

    • SHA512

      c98514fcf6e8b8f8b53793ce9ed773d78ba3aee7411c7a35fd8c047dda6def5556d36582138159f418744410242f10f3a6cdc91723e572b664478e61ef643523

    • SSDEEP

      768:GoVzlbz8pRftp9hNsOjz4td8n07CO0f8cbFX36F8nbcuyD7U:FNlbuRfbF/jzeq0eO00oaCnouy8

    Score
    10/10
    discoveryevasionexecutionlateral_movementpersistencetrojanupx

    • UAC bypass

      evasiontrojan

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Remote Services: SMB/Windows Admin Shares

      Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

      lateral_movement

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Event Triggered Execution

1
T1546

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

1
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Remote Services

1
T1021

SMB/Windows Admin Shares

1
T1021.002

Collection

Command and Control

Exfiltration

Impact

Tasks