Overview

overview

8

Static

static

7

8fa98d104b...3c.exe

windows7-x64

8

8fa98d104b...3c.exe

windows10-2004-x64

8

$PLUGINSDI...el.dll

windows7-x64

7

$PLUGINSDI...el.dll

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$_70_/Basi...r1.exe

windows7-x64

3

$_70_/Basi...r1.exe

windows10-2004-x64

3

$_70_/dotN...up.exe

windows7-x64

7

$_70_/dotN...up.exe

windows10-2004-x64

7

$_70_/hapjyaj.exe

windows7-x64

3

$_70_/hapjyaj.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8fa98d104bb8fcfe1a6200ece1c02faf9e8d12e31d0c6fbc6bbf3d3882b7fd3c.exe

  • Size

    983KB

  • Sample

    250127-e2dt1askdj

  • MD5

    e869ad846639738812a1cb901f801120

  • SHA1

    730e00adff312d1232ea7279926b4018cf0d853b

  • SHA256

    8fa98d104bb8fcfe1a6200ece1c02faf9e8d12e31d0c6fbc6bbf3d3882b7fd3c

  • SHA512

    d8bd53d5e82a3bdcdb0cb0fa5e928e476be87450ad0e4bb03046f5231f5d4f45b2457820cb918122daabf3f9d3737c2e70ed71c74dea85fdbc70ddc2d8732b08

  • SSDEEP

    24576:9GiQdsdzTxXMQCMDtUrbtoKXhn7Hu+tjqUx+kchEvoU:87gxcrNbuK0+tWOchE3

Score
8/10
defense_evasiondiscoverypersistenceprivilege_escalationupx

Malware Config

Targets

    • Target

      8fa98d104bb8fcfe1a6200ece1c02faf9e8d12e31d0c6fbc6bbf3d3882b7fd3c.exe

    • Size

      983KB

    • MD5

      e869ad846639738812a1cb901f801120

    • SHA1

      730e00adff312d1232ea7279926b4018cf0d853b

    • SHA256

      8fa98d104bb8fcfe1a6200ece1c02faf9e8d12e31d0c6fbc6bbf3d3882b7fd3c

    • SHA512

      d8bd53d5e82a3bdcdb0cb0fa5e928e476be87450ad0e4bb03046f5231f5d4f45b2457820cb918122daabf3f9d3737c2e70ed71c74dea85fdbc70ddc2d8732b08

    • SSDEEP

      24576:9GiQdsdzTxXMQCMDtUrbtoKXhn7Hu+tjqUx+kchEvoU:87gxcrNbuK0+tWOchE3

    Score
    8/10
    defense_evasiondiscoverypersistenceprivilege_escalationupx

    • Modifies Windows Firewall

      defense_evasion

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/SelfDel.dll

    • Size

      5KB

    • MD5

      e5786e8703d651bc8bd4bfecf46d3844

    • SHA1

      fee5aa4b325deecbf69ccb6eadd89bd5ae59723f

    • SHA256

      d115bce0a787b4f895e700efe943695c8f1087782807d91d831f6015b0f98774

    • SHA512

      d14ad43a01db19428cd8ccd2fe101750860933409b5be2eb85a3e400efcd37b1b6425ce84e87a7fe46ecabc7b91c4b450259e624c178b86e194ba7da97957ba3

    • SSDEEP

      96:NdekHUj5z13cPopei+Ml9PNDFbS7xg+TScrQ5:NdeuU9xcPopr+M9FbSS+TSE

    Score
    7/10
    discoveryupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      11092c1d3fbb449a60695c44f9f3d183

    • SHA1

      b89d614755f2e943df4d510d87a7fc1a3bcf5a33

    • SHA256

      2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77

    • SHA512

      c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a

    • SSDEEP

      96:JgzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuHIDQ:JDQHDb2vSuOc41ZfUNQZGdHA

    Score
    3/10
    discovery
    behavioral5behavioral6

    • Target

      $_70_/BasicCalculator1.exe

    • Size

      15KB

    • MD5

      2924ecdb306ffd3c3c226f4f2b0f9a7e

    • SHA1

      fc17904d30b924d8337c65c42e8f69f1fbc80843

    • SHA256

      6eb6224dfe5af519b3b78d76be107d68a93c012999d790ae733bed6020891aee

    • SHA512

      ddf804359f0f0a1e62dcc69e5942bc0f9e3db3434d1a7a6ad4292bc3de8a455e6989a1dcd82bba2225bda4f5be0d788c05b04c08cbd50f69217fee747292d68d

    • SSDEEP

      384:8lqTZjX7pr3Fi0h1MFiINg3/nonmGfB2MuK:8lqc56Qmm

    Score
    3/10
    discovery
    behavioral7behavioral8

    • Target

      $_70_/dotNetFx45_Full_setup.exe

    • Size

      982KB

    • MD5

      9e8253f0a993e53b4809dbd74b335227

    • SHA1

      f6ba6f03c65c3996a258f58324a917463b2d6ff4

    • SHA256

      e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a

    • SHA512

      404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0

    • SSDEEP

      24576:3idS2cRQNb9dUcyezFSja7zEwA2BH6SEUVGDKX68zuQm6wwr5mAPepC:SQ2cRQh9GexmCxBxVV56CmWQax

    Score
    7/10
    discovery

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral10behavioral9

    • Target

      $_70_/hapjyaj.exe

    • Size

      10KB

    • MD5

      9916cd804c030ab91eabab4c3d1f39f6

    • SHA1

      d01995ac1f61a17211b0c942d38504e35ac89c1a

    • SHA256

      6920bf36c100c838c5fcc48b3665f660e0c158449ed1a42f64cb1c054cf90eef

    • SHA512

      db60ef4e82328841153114c002c7d7664c5f7b7e5a916ea106912a0fe5a9f86a4ffc0a8f062f3cc974982efbc9b0ee7ff56582efe77e34dca001fc8b79d8ccc4

    • SSDEEP

      192:vsfWUOxk5LhBY7FvXRySmUUHDfZiMHnvvRftC5ETf:4WxiheFv0SmUUHDfZTHnv5ftC5ET

    Score
    3/10
    discovery
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks