General

  • Target: 5709c8dd011ed0f84fb268125debc9d89db690d6e263276f5e241b97a025d941
  • Size: 284KB
  • Sample: 221003-1wxwkshcf2
  • MD5: 078c149ef8006f7d42bb81789dc162e7
  • SHA1: dc7863578871b192b1a8fae0bdc06f9f555d47dd
  • SHA256: 5709c8dd011ed0f84fb268125debc9d89db690d6e263276f5e241b97a025d941
  • SHA512: 90261677dac75b130a14b7028505425ea9d36db4382e04ee035f618b16f91e0919df38d38cb604b50798930a0cf9bfd1603a6057eddefbf396555d59156802db
  • SSDEEP: 3072:mSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lC:mPA6wxmuJspr2l

Score
8/10

Malware Config

Targets

    • Adds policy Run key to start application

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofencing check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandbox environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks