General

  • Target

    AthenaXSS.rar

  • Size

    95.4MB

  • Sample

    250222-thb9dssqdw

  • MD5

    b26c970a34d6791f9e664a15be31b296

  • SHA1

    38eb7729aed4199a48a63380ad154cf3dd11ea57

  • SHA256

    bd54a05941657f9fae17adcb35ce3f427411e8c40c56fb8cc9dce9a9f93a447a

  • SHA512

    99366b17d0e68ac67bf645bb88632dcf13847786d3ff880631d8233987f3a8814b4825d6c3605019cfc4e40bc0837a7c6cbb9f1068fc187d3c894578a8844cdf

  • SSDEEP

    1572864:8k+VKAXKDfFLymF5w0Qu7xjOssSx8LJcEPHreJk4/trgwtaed8fITU47bgT253CM:8DcpEmc0b7pOss6ecEPCJkmtrgwtajfQ

Malware Config

Targets

    • Target

      AthenaX SS/AthenaX.exe

    • Size

      88.5MB

    • MD5

      b43419bf06eea2ad4053f2563890337a

    • SHA1

      fde381c42012d58265df53636dda41dc99270bc3

    • SHA256

      b681101d94f0e6d27dd77fb50786b4951e06657002c4a4804088ad5e09e9c3be

    • SHA512

      5f3c1fe4e26276b4085f5ddd3aaa3b967ae3e36ba510e6dabd6c4473a815b8e9eb0e57f2048be57b703e4dcbdfd8d5458394f1f0daa3a0ba04916f48b8e2333a

    • SSDEEP

      1572864:m2GKlqwrWdGbOkiqOv8im2AUr4E7Blirt/iYgj+h58sMwRe369cJ50R:mnKMw/bOknOv8i3Lrrwph5Ve3L0

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to add Windows Defender exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar directory listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Target

      AthenaX SS/Dapper.dll

    • Size

      285KB

    • MD5

      b7df8d82037c9954a3aa81d76e6cc55b

    • SHA1

      87040f1a81f5bb4ffec9acc22b4e56881c2f87ad

    • SHA256

      982ceecec1edec7eefb8e33981955a1c2d4f6f855335da28ee32555fe0f06fb4

    • SHA512

      2da59c7d3cc372075fd6d9042db7dfec5b9412a9926b799d0070bf329fc16b902e884116d3d070e27c450e1ef256c5e2d226a602396468fc75b817cd48e525ec

    • SSDEEP

      6144:zxbx/Pu87pvJ2BsUGLmrsqZpAMycZJYYcNI/b4Y5pScOTgy:9ZPuUvEOLsdZp3rD4IT4Yjy

    • Score

      1/10

    • Target

      AthenaX SS/mapper.exe

    • Size

      8.1MB

    • MD5

      84898b594013fe8738a1292c8e50ff69

    • SHA1

      c44e66431b0d41783abe9babb9be7a6b248d3ae3

    • SHA256

      d1cfd7861809aec2b36cfe924f44a10f3d80322d5e8c3ccfa9fdb750ac108a0e

    • SHA512

      f7053095a5c69364d3491e2781fe36079a0bbc30ed923753374155f1f12a50e184207ef1365894da1b7a6023f8326a6a4807d48e3ddee9a5849a2eb52e846f12

    • SSDEEP

      196608:oYboOshoKMuIkhVastRL5Di3unSEC1DVNhP:oYboOshouIkPftRL54XL3NhP

    • Command and Scripting Interpreter: PowerShell

      Executes commands through powershell.exe.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.
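The behaviours listed for AthenaX.exe and mapper.exe above (Defender exclusions via PowerShell, hidden file attributes, a Run key, external IP lookup, tasklist enumeration, VirtualBox DLL probing) are the kind of thing a responder wants to confirm in endpoint telemetry rather than take on the sandbox's word. The following is an added example, not part of this report or of the sandbox's own detection logic: it runs simple rules over Sysmon-style process-creation and file events. The Event shape, the regexes, the ATT&CK mapping per rule and every sample event are assumptions constructed here for illustration; the sample command lines are invented and are not observed output from the sample.

```python
"""Triage rules for the behaviours this report attributes to AthenaX.exe and
mapper.exe, run over constructed Sysmon-style events.  Added example; the
event shape, patterns and sample data are assumptions, not report output."""
import re
from dataclasses import dataclass


@dataclass
class Event:
    """Hypothetical minimal event: a subset of Sysmon EID 1 (process create)
    fields, or a file path for file-access style events."""
    kind: str                 # "process" or "file"
    image: str = ""           # Image (process events)
    command_line: str = ""    # CommandLine (process events)
    path: str = ""            # file path touched (file events)


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str            # MITRE ATT&CK technique ID
    kind: str                 # which Event.kind the rule applies to
    pattern: re.Pattern


RULES = [
    # Add-MpPreference / Set-MpPreference with an exclusion parameter
    Rule("Defender exclusion via PowerShell", "T1562.001", "process",
         re.compile(r"\b(?:Add|Set)-MpPreference\b.*-Exclusion(?:Path|Extension|Process)\b", re.I)),
    # attrib +h (optionally +s) to hide a dropped file
    Rule("File set to hidden with attrib", "T1564.001", "process",
         re.compile(r"\battrib(?:\.exe)?\b.*\+h\b", re.I)),
    # reg add or Set-/New-ItemProperty targeting the Run / RunOnce key
    Rule("Run key persistence", "T1547.001", "process",
         re.compile(r"(?:\breg(?:\.exe)?\s+add\b|\b(?:Set|New)-ItemProperty\b).*\\CurrentVersion\\Run(?:Once)?\b", re.I)),
    # Common public "what is my IP" services referenced on the command line
    Rule("External IP lookup via web service", "T1016", "process",
         re.compile(r"\b(?:api\.ipify\.org|icanhazip\.com|ifconfig\.me|ipinfo\.io|checkip\.amazonaws\.com)\b", re.I)),
    Rule("Process enumeration with tasklist", "T1057", "process",
         re.compile(r"\btasklist(?:\.exe)?\b", re.I)),
    # VirtualBox guest additions DLLs probed as a sandbox/VM check
    Rule("VirtualBox DLL enumeration", "T1497.001", "file",
         re.compile(r"\\vbox\w*\.dll$", re.I)),
]


def match_rules(events):
    """Return (rule name, technique, matched text) for every rule hit."""
    hits = []
    for ev in events:
        haystack = ev.path if ev.kind == "file" else f"{ev.image} {ev.command_line}"
        for rule in RULES:
            if rule.kind == ev.kind and rule.pattern.search(haystack):
                hits.append((rule.name, rule.technique, haystack.strip()))
    return hits


def techniques_seen(events):
    """Sorted, de-duplicated ATT&CK technique IDs observed in the events."""
    return sorted({technique for _, technique, _ in match_rules(events)})


# Constructed sample telemetry (not captured from the sample): one event per
# reported behaviour plus two benign events that must not fire.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    Event("process", PS, r"powershell.exe -NoProfile -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\AthenaX SS' -ExclusionExtension exe -ExclusionProcess AthenaX.exe"),
    Event("process", r"C:\Windows\System32\attrib.exe", r'attrib +h +s "C:\Users\Public\AthenaX SS\AthenaX.exe"'),
    Event("process", r"C:\Windows\System32\reg.exe", r'reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v AthenaX /t REG_SZ /d "C:\Users\Public\AthenaX SS\AthenaX.exe" /f'),
    Event("process", PS, r"powershell.exe -Command (Invoke-WebRequest -UseBasicParsing https://api.ipify.org).Content"),
    Event("process", r"C:\Windows\System32\tasklist.exe", "tasklist /v"),
    Event("file", path=r"C:\Windows\System32\vboxmrxnp.dll"),
    Event("process", r"C:\Windows\System32\notepad.exe", r"notepad.exe C:\Users\alice\notes.txt"),
    Event("file", path=r"C:\Windows\System32\kernel32.dll"),
]


if __name__ == "__main__":
    for name, technique, text in match_rules(SAMPLE_EVENTS):
        print(f"[{technique}] {name}: {text}")
    print("techniques:", ", ".join(techniques_seen(SAMPLE_EVENTS)))
```

The rules deliberately key on plain command lines. A sample that launches PowerShell with `-EncodedCommand`, or that sets exclusions through the WMI `MSFT_MpPreference` class instead of the cmdlets, would pass the first rule untouched, so in practice pair this with Defender's own event log (exclusion changes are logged by the Defender operational channel) and with script block logging rather than relying on the process command line alone.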

MITRE ATT&CK Enterprise v15

Tasks