Overview

overview

10

Static

static

8

3b4fcf2dd9...25.exe

windows7-x64

10

3b4fcf2dd9...25.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    3b4fcf2dd9801836eb78acfe6a4898a6caf1138e3c6a3d6305c56f1920a00725

  • Size

    722KB

  • Sample

    221002-hkz8fsdhck

  • MD5

    6d5409f4481a16238033453a868146d0

  • SHA1

    aa7cfb4c09b3749850cf3b40c74abe0fe8a0e2b0

  • SHA256

    3b4fcf2dd9801836eb78acfe6a4898a6caf1138e3c6a3d6305c56f1920a00725

  • SHA512

    15676a0b2a887f77a72c333d95809817d643d25c04c7a90958ace86ddc6741ebcb7e25570f80981526e0a3699bf2f330e8623f3d591a7e76ee84b7af6be02828

  • SSDEEP

    12288:9Up3EQ6T6jpV3KVMeHf2Jl84yfFr+3p8rkKQr6MCNVkgQpNaQ4ppFJN9IJaXSo:9KTV0TfkOYK1NkgQ3+mJaCo

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      3b4fcf2dd9801836eb78acfe6a4898a6caf1138e3c6a3d6305c56f1920a00725

    • Size

      722KB

    • MD5

      6d5409f4481a16238033453a868146d0

    • SHA1

      aa7cfb4c09b3749850cf3b40c74abe0fe8a0e2b0

    • SHA256

      3b4fcf2dd9801836eb78acfe6a4898a6caf1138e3c6a3d6305c56f1920a00725

    • SHA512

      15676a0b2a887f77a72c333d95809817d643d25c04c7a90958ace86ddc6741ebcb7e25570f80981526e0a3699bf2f330e8623f3d591a7e76ee84b7af6be02828

    • SSDEEP

      12288:9Up3EQ6T6jpV3KVMeHf2Jl84yfFr+3p8rkKQr6MCNVkgQpNaQ4ppFJN9IJaXSo:9KTV0TfkOYK1NkgQ3+mJaCo

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks