General

  • Target

    spoofer (1).exe

  • Size

    229KB

  • Sample

    220930-tqslcafadk

  • MD5

    98fc9b714dd0411f5a7b42109b667a76

  • SHA1

    3cbdfd0f204b3cfe0cad3b8870374368a012d155

  • SHA256

    b64dc2f0c3970e7c6bbfbc8122ffffc051f33aa91af10f0a9b02058f434f7c13

  • SHA512

    72475ee64bd9e0739fd7356f4f2710d929b198924e392878d7b0f961b602a5e12d97cb67ac754ba9f365f8bc9de33c863ef171b73a289c6d550c2b819943465a

  • SSDEEP

    6144:vmRHz4mnREj2UDcC2gJ23OymvAKphrdHvG4M+N:vm5028ckJ230R5dPG4J

Score
10/10

Malware Config

Targets

    • UAC bypass

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Modifies boot configuration data using bcdedit

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks