Description
Detects executables packed with UPX/modified UPX open source packer.
45f3b07fe66f65cac16b6765e83dbb1fa8a8370ccd18289a475a12d1997a023b
General
Target
Size
Sample
45f3b07fe66f65cac16b6765e83dbb1fa8a8370ccd18289a475a12d1997a023b
3MB
220520-fm1kwsdgbp
Score
8 /10
MD5
SHA1
SHA256
SHA512
d3d1533bc18876734a9129292fddfffd
6175542967e7ceb68da1d885e3bbcb98d17c87d8
45f3b07fe66f65cac16b6765e83dbb1fa8a8370ccd18289a475a12d1997a023b
684c69c4d75c1d7950862f8b8be511e74e5773333a6e7e02dabfefa90d6d7f0185e0a4fd1ed567164aec20eaf8ad6339145b8e55171c2a4ac1ea8c00dc3b72cd
Malware Config
Targets
Target
MD5
Filesize
Dota2mode.exe
888d36190614310fbfc16548f3568e84
3MB
Score
8/10
SHA1
SHA256
SHA512
238d4bc0cdc004c1c2be109058375e85f6342fc8
d90639401e952a40009d20a954359d899c318c442d03b43f2a81b7b3fc00dd92
23852fddcbdc526bfeebd7fad33715553e155c3d16a9ae67b314da0f4678ae5fe761c6fa9894be3fe43b84666db29e08f7d77cdce5b27944e33cab3f53ab39f9
Tags
Signatures
-
Executes dropped EXE
-
UPX packed file
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Cryptocurrency Miner
Description
Makes network request to known mining pool URL.
Tags
-
Drops startup file
-
Loads dropped DLL
Related Tasks
Target
MD5
Filesize
dota2descop.dll
e1f41034e6894d9d23a6db2a6e5b0dfc
501KB
Score
1/10
SHA1
SHA256
SHA512
4262109ce58a2eaf7fb09073e41aab56d7274235
526f69142edc80cb1f261acdb7c73ce3db841d21ac26bee6715f604c8a238be1
8d03a25dfe13a77461abf50e0fadeb7b16408f36e0b206e8a33a5d5f6ecee3560c54e1adaa219598c76161b8e1536bac67fd1f04085f483c791d56d20a36c57a
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks