Overview

overview

8

Static

static

cfce93d80c...3b.exe

windows7_x64

8

cfce93d80c...3b.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cfce93d80c442194d4750ff22eab13e2a37e545caff4d448ba93760590f63f3b

  • Size

    3.3MB

  • Sample

    210508-pt16g9pbg2

  • MD5

    ff36e55c32797704f09e344148c66cf2

  • SHA1

    f3ee023dbfc31ed8881932b25511155ade5ab633

  • SHA256

    cfce93d80c442194d4750ff22eab13e2a37e545caff4d448ba93760590f63f3b

  • SHA512

    987fc3b7a46ef9ac6643c16173af0f81d6bc15887de695c794b0a1d133a50d00a914814423c5cd69ba1019c5c3fcb2c5626c1561cec295e028a5eb871ba4ddab

Score
8/10
macropersistenceupx

Malware Config

Targets

    • Target

      cfce93d80c442194d4750ff22eab13e2a37e545caff4d448ba93760590f63f3b

    • Size

      3.3MB

    • MD5

      ff36e55c32797704f09e344148c66cf2

    • SHA1

      f3ee023dbfc31ed8881932b25511155ade5ab633

    • SHA256

      cfce93d80c442194d4750ff22eab13e2a37e545caff4d448ba93760590f63f3b

    • SHA512

      987fc3b7a46ef9ac6643c16173af0f81d6bc15887de695c794b0a1d133a50d00a914814423c5cd69ba1019c5c3fcb2c5626c1561cec295e028a5eb871ba4ddab

    Score
    8/10
    macropersistenceupx

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with macros.

      macro

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks