Overview

overview

10

Static

static

b21d971146...26.exe

windows7-x64

10

b21d971146...26.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    b21d9711467473fe1617a4128b382a19e09eec437a073b3f32ec68a53563af26

  • Size

    186KB

  • Sample

    221011-yymsaacfcq

  • MD5

    6139eb0e992a13d0b0646c97c39ffd5e

  • SHA1

    16a9a98216b7b12e54adb5cac629cf486b9c9e46

  • SHA256

    b21d9711467473fe1617a4128b382a19e09eec437a073b3f32ec68a53563af26

  • SHA512

    8fd1ce8abd49b79978841fa609fa9262a4e83cbc85e8109a629fc3d40c841126917de6b91767592b0a72cbcd447b6ee0b0517daacd948f68d53467e0c641cc3d

  • SSDEEP

    3072:st+HJeO1Q7rIaJKmiIu85youtanQz11vcnJk2VTfir99iN0JZWeUVl+M:s8peO1EKmit85yoSTzbvMJ/Y9ieUV9

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      b21d9711467473fe1617a4128b382a19e09eec437a073b3f32ec68a53563af26

    • Size

      186KB

    • MD5

      6139eb0e992a13d0b0646c97c39ffd5e

    • SHA1

      16a9a98216b7b12e54adb5cac629cf486b9c9e46

    • SHA256

      b21d9711467473fe1617a4128b382a19e09eec437a073b3f32ec68a53563af26

    • SHA512

      8fd1ce8abd49b79978841fa609fa9262a4e83cbc85e8109a629fc3d40c841126917de6b91767592b0a72cbcd447b6ee0b0517daacd948f68d53467e0c641cc3d

    • SSDEEP

      3072:st+HJeO1Q7rIaJKmiIu85youtanQz11vcnJk2VTfir99iN0JZWeUVl+M:s8peO1EKmit85yoSTzbvMJ/Y9ieUV9

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks