bbdf6022d12ea88e1fad8b6806e5353b407a12cac98b82e3742a6b6aef43d0a8 | Triage

Submit
Reports

Overview

overview

9

Static

static

bbdf6022d1...a8.exe

windows7-x64

9

bbdf6022d1...a8.exe

windows10-2004-x64

9

Sharing

General

Target

bbdf6022d12ea88e1fad8b6806e5353b407a12cac98b82e3742a6b6aef43d0a8
Size

850KB
Sample

220930-y65ytsefg8
MD5

617935448c3a5753762ac8c59d002b09
SHA1

547c265e6940de4eaa9b756f3eabd44e5945b8aa
SHA256

bbdf6022d12ea88e1fad8b6806e5353b407a12cac98b82e3742a6b6aef43d0a8
SHA512

88dfba3cc824a0430b14962395d0f5ed93eb559e077d9162b1d4577d1f8a1e2110a9e87b2e5eb928560f4f087964d923644b120c1b384b43f232c2b1ca6245de
SSDEEP

6144:5tvrVv35gx/v6TTBgU5dsbopjLn5i2Lm8pbu5n+QKyX37RodENtQsEb8bKQdh/zH:HpvJKOdsKjL33e7RodvB5

Score

9^/10

miner upx

Static task

static1

Behavioral task

behavioral1

Sample

bbdf6022d12ea88e1fad8b6806e5353b407a12cac98b82e3742a6b6aef43d0a8.exe

Resource

win7-20220812-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

bbdf6022d12ea88e1fad8b6806e5353b407a12cac98b82e3742a6b6aef43d0a8.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  bbdf6022d12ea88e1fad8b6806e5353b407a12cac98b82e3742a6b6aef43d0a8
- Size
  
  850KB
- MD5
  
  617935448c3a5753762ac8c59d002b09
- SHA1
  
  547c265e6940de4eaa9b756f3eabd44e5945b8aa
- SHA256
  
  bbdf6022d12ea88e1fad8b6806e5353b407a12cac98b82e3742a6b6aef43d0a8
- SHA512
  
  88dfba3cc824a0430b14962395d0f5ed93eb559e077d9162b1d4577d1f8a1e2110a9e87b2e5eb928560f4f087964d923644b120c1b384b43f232c2b1ca6245de
- SSDEEP
  
  6144:5tvrVv35gx/v6TTBgU5dsbopjLn5i2Lm8pbu5n+QKyX37RodENtQsEb8bKQdh/zH:HpvJKOdsKjL33e7RodvB5
Score

9^/10

miner upx
- Detectes Phoenix Miner Payload
  miner
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy