General

  • Target

    41e431cfe0d71c072431e120bffcc96cdf2aca6093726d1ecb4155ea9f207a5d

  • Size

    484KB

  • Sample

    221003-nka68adff9

  • MD5

    621106a5ef931fc7a981de92c1c730ad

  • SHA1

    6491e6ac604179c6e58e75310acb80f5dfa6cdb0

  • SHA256

    41e431cfe0d71c072431e120bffcc96cdf2aca6093726d1ecb4155ea9f207a5d

  • SHA512

    44adc6e2494128131065284b10500d20d0a05dee616f208f33f803821365290a77e20a3862e36196a45ae5d7995c90f936c29c6636cc01e4434af5e32d868f6d

  • SSDEEP

    12288:foUld/f2I9JECdYW4/e4Pii15XZSAmKjlafbdDNUQ:P92ILECd0R15XZS3QafpDNUQ

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks