4c4b5c0168820b83df1bf14fb385fc0e48bf896c9868b8d8357dbac613b4b46d | Triage

Sharing

General

Target

4c4b5c0168820b83df1bf14fb385fc0e48bf896c9868b8d8357dbac613b4b46dN.exe
Size

20KB
Sample

250120-k6vwzaslen
MD5

753d99248cd46572938a6700ba2d6550
SHA1

453edba4c9d47ddeb28b83f05231fa9554e61c60
SHA256

4c4b5c0168820b83df1bf14fb385fc0e48bf896c9868b8d8357dbac613b4b46d
SHA512

9cc5419ded48d41812b044aa6b2afc215b5eb4d42f2372fc06f671c183a04399e137bfae924fb3b0c01f10205b593ecfe26b34063581fb1b52268682d32083c3
SSDEEP

384:xScEHK2HaSvfKzxWQ7U+UqzykEX/RAjnP/nvdOsy1kwOw:Qc4PH3yzJ7U+UqS+DVOIwO

Score

10^/10

discovery evasion execution persistence privilege_escalation upx

Malware Config

Targets

- Target
  
  4c4b5c0168820b83df1bf14fb385fc0e48bf896c9868b8d8357dbac613b4b46dN.exe
- Size
  
  20KB
- MD5
  
  753d99248cd46572938a6700ba2d6550
- SHA1
  
  453edba4c9d47ddeb28b83f05231fa9554e61c60
- SHA256
  
  4c4b5c0168820b83df1bf14fb385fc0e48bf896c9868b8d8357dbac613b4b46d
- SHA512
  
  9cc5419ded48d41812b044aa6b2afc215b5eb4d42f2372fc06f671c183a04399e137bfae924fb3b0c01f10205b593ecfe26b34063581fb1b52268682d32083c3
- SSDEEP
  
  384:xScEHK2HaSvfKzxWQ7U+UqzykEX/RAjnP/nvdOsy1kwOw:Qc4PH3yzJ7U+UqS+DVOIwO
Score

10^/10

discovery evasion execution persistence privilege_escalation upx
- Disables service(s)
  evasion execution
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Account Manipulation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Account Manipulation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Permission Groups Discovery

Local Groups

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexecutionpersistenceprivilege_escalationupx

behavioral2

discoveryevasionexecutionpersistenceprivilege_escalationupx