3bc58204a86ea506d6459ce56521bbd293ce2232f90057e8395e9012797ae989

Sharing

Copy URL

Twitter E-mail

General

Target

9e4e79e286d47e03357aa63adedfe826.exe
Size

3.7MB
Sample

250201-s1m8yazqek
MD5

9e4e79e286d47e03357aa63adedfe826
SHA1

1dd8464c591c2bc996d608d48400336a0640686d
SHA256

3bc58204a86ea506d6459ce56521bbd293ce2232f90057e8395e9012797ae989
SHA512

ab6d8be74862c5564fdb95f3ab7a701bd99ee9aa798410b520631fd526dee4f40804b7722b2f040fc4b3943d47d6f82cb2b7a62981d8dd64d2a76021433df002
SSDEEP

98304:80qQnTwOIaZ1a7hp6K+QAjN+J4ur2GNaA4P6mPACJDLws:8gT/VZ1a7OlZ+J4XGwXNPF0s

Score

8^/10

Malware Config

Targets

- Target
  
  9e4e79e286d47e03357aa63adedfe826.exe
- Size
  
  3.7MB
- MD5
  
  9e4e79e286d47e03357aa63adedfe826
- SHA1
  
  1dd8464c591c2bc996d608d48400336a0640686d
- SHA256
  
  3bc58204a86ea506d6459ce56521bbd293ce2232f90057e8395e9012797ae989
- SHA512
  
  ab6d8be74862c5564fdb95f3ab7a701bd99ee9aa798410b520631fd526dee4f40804b7722b2f040fc4b3943d47d6f82cb2b7a62981d8dd64d2a76021433df002
- SSDEEP
  
  98304:80qQnTwOIaZ1a7hp6K+QAjN+J4ur2GNaA4P6mPACJDLws:8gT/VZ1a7OlZ+J4XGwXNPF0s
Score

8^/10

defense_evasion discovery persistence privilege_escalation upx
- Modifies Windows Firewall
  defense_evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SelfDel.dll
- Size
  
  5KB
- MD5
  
  e5786e8703d651bc8bd4bfecf46d3844
- SHA1
  
  fee5aa4b325deecbf69ccb6eadd89bd5ae59723f
- SHA256
  
  d115bce0a787b4f895e700efe943695c8f1087782807d91d831f6015b0f98774
- SHA512
  
  d14ad43a01db19428cd8ccd2fe101750860933409b5be2eb85a3e400efcd37b1b6425ce84e87a7fe46ecabc7b91c4b450259e624c178b86e194ba7da97957ba3
- SSDEEP
  
  96:NdekHUj5z13cPopei+Ml9PNDFbS7xg+TScrQ5:NdeuU9xcPopr+M9FbSS+TSE
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  7KB
- MD5
  
  11092c1d3fbb449a60695c44f9f3d183
- SHA1
  
  b89d614755f2e943df4d510d87a7fc1a3bcf5a33
- SHA256
  
  2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77
- SHA512
  
  c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a
- SSDEEP
  
  96:JgzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuHIDQ:JDQHDb2vSuOc41ZfUNQZGdHA
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $_58_/BasicCalculator1.exe
- Size
  
  15KB
- MD5
  
  2924ecdb306ffd3c3c226f4f2b0f9a7e
- SHA1
  
  fc17904d30b924d8337c65c42e8f69f1fbc80843
- SHA256
  
  6eb6224dfe5af519b3b78d76be107d68a93c012999d790ae733bed6020891aee
- SHA512
  
  ddf804359f0f0a1e62dcc69e5942bc0f9e3db3434d1a7a6ad4292bc3de8a455e6989a1dcd82bba2225bda4f5be0d788c05b04c08cbd50f69217fee747292d68d
- SSDEEP
  
  384:8lqTZjX7pr3Fi0h1MFiINg3/nonmGfB2MuK:8lqc56Qmm
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $_58_/winrar-x64-701.exe
- Size
  
  3.8MB
- MD5
  
  46c17c999744470b689331f41eab7df1
- SHA1
  
  b8a63127df6a87d333061c622220d6d70ed80f7c
- SHA256
  
  c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
- SHA512
  
  4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6
- SSDEEP
  
  98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB
Score

5^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral10 behavioral9
- Target
  
  $_58_/wtzltypssnrzhu.exe
- Size
  
  10KB
- MD5
  
  9916cd804c030ab91eabab4c3d1f39f6
- SHA1
  
  d01995ac1f61a17211b0c942d38504e35ac89c1a
- SHA256
  
  6920bf36c100c838c5fcc48b3665f660e0c158449ed1a42f64cb1c054cf90eef
- SHA512
  
  db60ef4e82328841153114c002c7d7664c5f7b7e5a916ea106912a0fe5a9f86a4ffc0a8f062f3cc974982efbc9b0ee7ff56582efe77e34dca001fc8b79d8ccc4
- SSDEEP
  
  192:vsfWUOxk5LhBY7FvXRySmUUHDfZiMHnvvRftC5ETf:4WxiheFv0SmUUHDfZTHnv5ftC5ET
Score

3^/10

discovery
behavioral11 behavioral12