General

  • Target

    97f26035c413ecce80e0c77e78f9881f93f8fa46b8c3d73c8ab3b52ee4b38ddb

  • Size

    257KB

  • Sample

    220919-qmwl2seedr

  • MD5

    6c223895ea905ce600d0181250f29b39

  • SHA1

    6f5f13a5ea5c383c7531786e5ded485ba80b6303

  • SHA256

    97f26035c413ecce80e0c77e78f9881f93f8fa46b8c3d73c8ab3b52ee4b38ddb

  • SHA512

    3a588cef72037a160a54f6ac82d24d258dfb71485881f87a3e654996509373d1d3b970757dbdecd0bf5296f6662e463551d50941ef25bf833cecfad3501368c3

  • SSDEEP

    3072:Oxd5qdyipX2MB46XN0MKFkAFXrKnYhbwIz3qsuegTqAxMJSvbYjAo6fEuOHCBIv/:Oxdo3cMBrARnhbwIz6sOHiJob6AFdq

Score
9/10

Targets

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks whether UAC is enabled
