30bf6807c409957eb9c6d90c083d4c68ff3aa71c112f843b455c5a1dccc91407 | Triage

Submit
Reports

Overview

overview

Static

static

8

30bf6807c4...07.exe

windows7-x64

30bf6807c4...07.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

30bf6807c409957eb9c6d90c083d4c68ff3aa71c112f843b455c5a1dccc91407
Size

718KB
Sample

220919-rtccesgffk
MD5

1195beca8ee4042294bfc3655414d84c
SHA1

8e39660fa7f02f4ff402deef9e6e2bf8c460df02
SHA256

30bf6807c409957eb9c6d90c083d4c68ff3aa71c112f843b455c5a1dccc91407
SHA512

ed2dee8283496d9327920c78840d73af5640b12b84eaafd70f0834286994883cbfb7394c902077d51fe9336b7255d001d0962c7ec7b501e77c442d579603773a
SSDEEP

12288:ueKrJJuf86AYcwo8oSAcNEMZMAFOVhEce7Zaxb7eInfX6Kt6supy3HZUvz30:uruf/AfwKcLLFRHZaxb7eoKqZUvr0

Score

10^/10

persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

30bf6807c409957eb9c6d90c083d4c68ff3aa71c112f843b455c5a1dccc91407.exe

Resource

win7-20220901-en

persistence upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

30bf6807c409957eb9c6d90c083d4c68ff3aa71c112f843b455c5a1dccc91407.exe

Resource

win10v2004-20220901-en

persistence upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  30bf6807c409957eb9c6d90c083d4c68ff3aa71c112f843b455c5a1dccc91407
- Size
  
  718KB
- MD5
  
  1195beca8ee4042294bfc3655414d84c
- SHA1
  
  8e39660fa7f02f4ff402deef9e6e2bf8c460df02
- SHA256
  
  30bf6807c409957eb9c6d90c083d4c68ff3aa71c112f843b455c5a1dccc91407
- SHA512
  
  ed2dee8283496d9327920c78840d73af5640b12b84eaafd70f0834286994883cbfb7394c902077d51fe9336b7255d001d0962c7ec7b501e77c442d579603773a
- SSDEEP
  
  12288:ueKrJJuf86AYcwo8oSAcNEMZMAFOVhEce7Zaxb7eInfX6Kt6supy3HZUvz30:uruf/AfwKcLLFRHZaxb7eoKqZUvr0
Score

10^/10

persistence upx
- Modifies system executable filetype association
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy