ba3d8fc30278371c610a3a787e0484b2099f8719c257c437646aeef898431b70 | Triage

Sharing

General

Target

Windows Loader v2.2.2.7z
Size

1.4MB
Sample

250327-rdxy7avny4
MD5

76f71b6f74e688f4432f3a5514bb2049
SHA1

82ed3d8e7e0786b461aa94f2b9d970c9483d7d4c
SHA256

ba3d8fc30278371c610a3a787e0484b2099f8719c257c437646aeef898431b70
SHA512

80a0f270e32df2b14aa0ede1f9d682de5b17f2400b4f6cc85e8f247f152a97d6d55c7f82429f87bfc0fa9d7ce5dbe38c0e7475dbb7779b1806d7639989e9e3ad
SSDEEP

24576:z3vhRjlI7cHUWDyFlrzFxUFfCeNvAppaJplE06wzGcwip1nISL51qFHyxGWF8A:z3vhpHaFxcfCe+YXtwi95wHyxbF8A

Score

8^/10

discovery exploit upx

Malware Config

Targets

- Target
  
  Windows Loader v2.2.2.7z
- Size
  
  1.4MB
- MD5
  
  76f71b6f74e688f4432f3a5514bb2049
- SHA1
  
  82ed3d8e7e0786b461aa94f2b9d970c9483d7d4c
- SHA256
  
  ba3d8fc30278371c610a3a787e0484b2099f8719c257c437646aeef898431b70
- SHA512
  
  80a0f270e32df2b14aa0ede1f9d682de5b17f2400b4f6cc85e8f247f152a97d6d55c7f82429f87bfc0fa9d7ce5dbe38c0e7475dbb7779b1806d7639989e9e3ad
- SSDEEP
  
  24576:z3vhRjlI7cHUWDyFlrzFxUFfCeNvAppaJplE06wzGcwip1nISL51qFHyxGWF8A:z3vhpHaFxcfCe+YXtwi95wHyxbF8A
Score

1^/10
behavioral1 behavioral2
- Target
  
  Windows Loader v2.2.2/Keys.ini
- Size
  
  15KB
- MD5
  
  3ba4950bcf43b1c7b714a1d93b57ea86
- SHA1
  
  31e7963d19a5e7282d1b6e7476b8923ab26cb8a0
- SHA256
  
  1384c5fd758a1bd8c9372594503e22d71b0877d332886a1b7d50cb86c4a0a13c
- SHA512
  
  2165e5047334940b77c93bbe4b2eaae1fe924069a9f946f39dd0f5533c0e161a7322e63de378194b96294d33c494240209dd1f6f32dd45c580cb0c058dd93148
- SSDEEP
  
  384:WskcEQbtTPQ7xa3VUEV/HwRGjyfdW6fnxZbQr:Ws2QJw+hPz+flbQr
Score

1^/10
behavioral3 behavioral4
- Target
  
  Windows Loader v2.2.2/Read me.txt
- Size
  
  32KB
- MD5
  
  3e83d11dcd0d1dc8b6cf531353cf9e81
- SHA1
  
  0853bfd45b91252a7dc10bd34a4aed267ee67e43
- SHA256
  
  b5fcbf4b91c436640aab0e8106f942cd47080bf799a22d747b5cf898bd13475c
- SHA512
  
  18f67001f935021a80b4ee81a9a8ed3b2f9239f8f1d2779114631f90aef4d91d109b15c0722d8cdc13bbc6bac652e361b0835e6a075a3ff55fd4ed7f6f393fcc
- SSDEEP
  
  768:pKymLFrk3yV2pX/htvMGOHkOaf7luCfp3yeIvWVp9h:o5k3yV2pvhtvMGOHkOaf75fp3yeuWVpX
Score

1^/10
behavioral5 behavioral6
- Target
  
  Windows Loader v2.2.2/Windows Loader.exe
- Size
  
  3.8MB
- MD5
  
  323c0fd51071400b51eedb1be90a8188
- SHA1
  
  0efc35935957c25193bbe9a83ab6caa25a487ada
- SHA256
  
  2f2aba1e074f5f4baa08b524875461889f8f04d4ffc43972ac212e286022ab94
- SHA512
  
  4c501c7135962e2f02b68d6069f2191ddb76f990528dacd209955a44972122718b9598400ba829abab2d4345b4e1a4b93453c8e7ba42080bd492a34cf8443e7e
- SSDEEP
  
  49152:cEYCFEvlmOmTgtFM3uK5m3imrHuiff+puWV355FXw/+zuWV355FXw/+DuWV355FP:cEYzEFTgtFM3ukm3imPnt
Score

8^/10

discovery exploit upx
- Possible privilege escalation attempt
  exploit
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8
- Target
  
  Windows Loader v2.2.2/checksums.md5
- Size
  
  145B
- MD5
  
  cab45d50be4c1fc788d29593464b1f35
- SHA1
  
  d38b7abee249bc2751dd5373b358f69b895d5a8c
- SHA256
  
  c083f57ac4d8a5eaf9bc934f08204a691fa9e4fd275f90aaadfd195a4eef820f
- SHA512
  
  ee9548867850c018544c2d1cbf512ea759be2fd276113ae89354cdbcae7fd549bf47bbf3ccdbce5ff8a17702dcd36f90b01f512da576fc9528a41e87d2c378f4
Score

3^/10

discovery
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

discoveryexploitupx

behavioral8

behavioral9

behavioral10