a5dc155fa98ab7edaa456de7fb437b5ba07ce3401416a25a92693a37df1c6300 | Triage

Submit
Reports

Overview

overview

Static

static

3

MRPQTGv125.0.exe

windows7-x64

8

MRPQTGv125.0.exe

windows10-2004-x64

Sharing

General

Target

MRPQTGv125.0.exe
Size

7.7MB
Sample

250227-ddekysssc1
MD5

76d9bda14978cfb72485c6032c800fad
SHA1

29a8a065531bcfe7adb0d1a7b7adb78cd336e14c
SHA256

a5dc155fa98ab7edaa456de7fb437b5ba07ce3401416a25a92693a37df1c6300
SHA512

be4c21a721e0586fc15e780d956a80d78a8610180f9eddb7e308e64956bac7c1c121a7740f519b6b8bc5110b81f2237309b3fbbebefb17544d45cb81d6eaa65b
SSDEEP

98304:n4p/sbedo6JBrqU1TzhFc20tWsc20tWFc20tWtc20tWlHlCc20tWuiFmfpP4g:n6doe95FVuVPVHV3HlCVoDpP4g

Score

10^/10

defense_evasion discovery execution persistence privilege_escalation trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

MRPQTGv125.0.exe

Resource

win7-20241010-en

defense_evasion discovery persistence privilege_escalation upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

MRPQTGv125.0.exe

Resource

win10v2004-20250217-en

defense_evasion discovery execution persistence privilege_escalation trojan upx

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  MRPQTGv125.0.exe
- Size
  
  7.7MB
- MD5
  
  76d9bda14978cfb72485c6032c800fad
- SHA1
  
  29a8a065531bcfe7adb0d1a7b7adb78cd336e14c
- SHA256
  
  a5dc155fa98ab7edaa456de7fb437b5ba07ce3401416a25a92693a37df1c6300
- SHA512
  
  be4c21a721e0586fc15e780d956a80d78a8610180f9eddb7e308e64956bac7c1c121a7740f519b6b8bc5110b81f2237309b3fbbebefb17544d45cb81d6eaa65b
- SSDEEP
  
  98304:n4p/sbedo6JBrqU1TzhFc20tWsc20tWFc20tWtc20tWlHlCc20tWuiFmfpP4g:n6doe95FVuVPVHV3HlCVoDpP4g
Score

10^/10

defense_evasion discovery persistence privilege_escalation upx execution trojan
- Windows security bypass
  defense_evasion trojan
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Modifies boot configuration data using bcdedit
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Power Settings

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistenceprivilege_escalationupx

behavioral2

defense_evasiondiscoveryexecutionpersistenceprivilege_escalationtrojanupx

© 2018-2025

Terms | Privacy