eb03d99021bd9508f21e806ea73bb846c6ec296839ddc8397384a8a397967f00 | Triage

Submit
Reports

Overview

overview

Static

static

8

eb03d99021...00.exe

windows7-x64

eb03d99021...00.exe

windows10-2004-x64

Sharing

General

Target

eb03d99021bd9508f21e806ea73bb846c6ec296839ddc8397384a8a397967f00
Size

546KB
Sample

220919-z795lsdecr
MD5

d6b11506de5f5eefcdc2f1810383efdc
SHA1

acbe4dcf0fdb473012dc7b11bdcd51123183bf4f
SHA256

eb03d99021bd9508f21e806ea73bb846c6ec296839ddc8397384a8a397967f00
SHA512

9c3cbbd1069cf1e5b7a8237aecb1902594c976736b4c1090855eaedae8168ebcfadcbcb07321ff1a78cdc5145b30421913ad5b8ae43e531bb8be0f68dff4b9fe
SSDEEP

12288:BswSLTlPmtD3POXb0dq7bra9awiV9E8iGBTtejmKBFXhb2PqtOG+T9NhRaHLaJ9M:G1LIt7PDArHJNBSmKbki4190

Score

10^/10

persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

eb03d99021bd9508f21e806ea73bb846c6ec296839ddc8397384a8a397967f00.exe

Resource

win7-20220901-en

persistence upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

eb03d99021bd9508f21e806ea73bb846c6ec296839ddc8397384a8a397967f00.exe

Resource

win10v2004-20220812-en

persistence upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://report22new.com/inst.php?id=02907

Targets

- Target
  
  eb03d99021bd9508f21e806ea73bb846c6ec296839ddc8397384a8a397967f00
- Size
  
  546KB
- MD5
  
  d6b11506de5f5eefcdc2f1810383efdc
- SHA1
  
  acbe4dcf0fdb473012dc7b11bdcd51123183bf4f
- SHA256
  
  eb03d99021bd9508f21e806ea73bb846c6ec296839ddc8397384a8a397967f00
- SHA512
  
  9c3cbbd1069cf1e5b7a8237aecb1902594c976736b4c1090855eaedae8168ebcfadcbcb07321ff1a78cdc5145b30421913ad5b8ae43e531bb8be0f68dff4b9fe
- SSDEEP
  
  12288:BswSLTlPmtD3POXb0dq7bra9awiV9E8iGBTtejmKBFXhb2PqtOG+T9NhRaHLaJ9M:G1LIt7PDArHJNBSmKbki4190
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy