Overview

overview

8

Static

static

tasks_183.vir.exe

windows7_x64

8

tasks_183.vir.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tasks_183.vir

  • Size

    214KB

  • Sample

    200719-ypknysxf4x

  • MD5

    a6232e5060608d255adb79681bba40cc

  • SHA1

    31ae96c33a48cbb9977351d5899fc4cd72c3e26c

  • SHA256

    c6e6f26516053badbfcd313f80de7b43ef234026fb8317e9855e6a55b80f835d

  • SHA512

    4f76d9a258d15b0023095d5f3cd8eec065abb066596b432840aff9987a78faf8fda9cf00c4d5985ac393ac22c307b4c1ce9f619ee5c5b15db86fd540f6524974

Score
8/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      tasks_183.vir

    • Size

      214KB

    • MD5

      a6232e5060608d255adb79681bba40cc

    • SHA1

      31ae96c33a48cbb9977351d5899fc4cd72c3e26c

    • SHA256

      c6e6f26516053badbfcd313f80de7b43ef234026fb8317e9855e6a55b80f835d

    • SHA512

      4f76d9a258d15b0023095d5f3cd8eec065abb066596b432840aff9987a78faf8fda9cf00c4d5985ac393ac22c307b4c1ce9f619ee5c5b15db86fd540f6524974

    Score
    8/10
    persistenceevasiontrojan

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks