Overview

overview

10

Static

static

7

N3rwa/161A.exe

windows7-x64

10

N3rwa/161A.exe

windows10-2004-x64

10

N3rwa/ryAMm0z9x.exe

windows7-x64

10

N3rwa/ryAMm0z9x.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c0832c8de8dcb7e30f0385662e32b29e14fc176f6156a96feb6753ddef764e09

  • Size

    1.2MB

  • Sample

    240705-jy25msxerc

  • MD5

    361e714af955028a9d1c337e831140d0

  • SHA1

    489e5f437696e5574a82d59f34dfdb2b648ad4f9

  • SHA256

    c0832c8de8dcb7e30f0385662e32b29e14fc176f6156a96feb6753ddef764e09

  • SHA512

    454f8f793da5e2f99eada01356c209b90628307aec811bf98323df496dfab24a4e80822c1a603a0cff9f60ef54c50a423f4f55ee852e11a14be51df78f7861b8

  • SSDEEP

    24576:eeY0JfjXimMQpTdYS/OWtorq/1O1YneY0JfjXipMQpTdYS/OWtorq/1K:e10tLNTTW1Yn10tLoTTWx

Score
10/10
evasiontrojanupx

Malware Config

Targets

    • Target

      N3rwa/161A.exe

    • Size

      529KB

    • MD5

      ee30ba65e2677cb2d452ee877454b80d

    • SHA1

      233b3d372073f5554fa870787e4f9c98a34ce1b3

    • SHA256

      301189153d6f4f1cc7a97265a9707135911eb7adbe1c6d4b479358287141bbd6

    • SHA512

      4aec5d5f5a2506463a8a7ec5d8eaa240b0a25b8f967b580d6c8428c88559494f149d68d3826db50d5eb752aa92fe0c2a73d1b223cc28edbc04d601099e7d361d

    • SSDEEP

      12288:INrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7Dx:IthTiP+ffCfB5Lf0F7Z1E7Dx

    Score
    10/10
    evasiontrojanupx

    • UAC bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      N3rwa/ryAMm0z9x.exe

    • Size

      529KB

    • MD5

      e1716d3a55badde1cc345da0a4b9f518

    • SHA1

      edeeeadee454cfe3c20aedea93a63e5c461732a7

    • SHA256

      9e2e051ea6284657155f55a08a8906e0d5640be1c63a754a20cc46eb8cef2349

    • SHA512

      3bf4ba0f0defe7053b2aaf2b1e621bdb919a0e6aecc55c8660415faa7098e06b0f5bfc6baf22435dd94a5a7524995c06266700d1651effe9708f22ba984e5cd5

    • SSDEEP

      12288:INrhTLpMP+R+QDCfA832AtBYmz6af0F7Z1QVj7D1:IthTiP+ffCfB5Lf0F7Z1E7D1

    Score
    10/10
    evasiontrojanupx

    • UAC bypass

      evasiontrojan

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

2
T1548

Bypass User Account Control

2
T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

2
T1548

Bypass User Account Control

2
T1548.002

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

4
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks