General

  • Target

    1b13b7a8c8fe3c31010f803e1125501119059fff0ba84176ae0290863e51c143

  • Size

    320KB

  • Sample

    220607-ylxrqafcfm

  • MD5

    625a017a6371a14f0dd7ba614d87bba3

  • SHA1

    496d24aa0294e28b36932c5b98c71b95b2103c04

  • SHA256

    1b13b7a8c8fe3c31010f803e1125501119059fff0ba84176ae0290863e51c143

  • SHA512

    ddac55dd167f0238390601fe477a754ce95ec16457dabc266f261e50c98235098bbcebd29b5fa550a00cae1446a0bcf406571899796b97b495efed3c3eb6daef

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks