General

  • Target

    1e6dd6998fb06d1a6f8afc5bb7e7b41518179285f28553cccdb6e45adc303df7

  • Size

    452KB

  • Sample

    221014-l59jeaaeg8

  • MD5

    638e0e23a8e006dce8dfded1cbff5e9e

  • SHA1

    6d846680bdf596b4df98b814a591aaa86030f12f

  • SHA256

    1e6dd6998fb06d1a6f8afc5bb7e7b41518179285f28553cccdb6e45adc303df7

  • SHA512

    8ce8d57702951f5416aaa95a163f379e2d60bab9e672d1b6463318347f50430f7fe1156b25019ec6922957c70c7fc498498d72a56884fd1c962db40ef10a90b2

  • SSDEEP

    12288:KYU476vtic2xSNc8DtoQRWIvf5qZ4KAlPfEOX:1utj22c8RVWFZ3ARsOX

Score
10/10
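As an added, stand-alone example (not part of this report and not the sandbox's own signature code): a small Python static-triage helper that computes the same four digests listed above and compares them against this report's hashes, then walks the PE section table for the UPX0/UPX1 section names and the `UPX!` marker that stock UPX leaves behind, with a byte-entropy reading as a fallback for modified UPX builds that rename their sections. The PE image it runs on is a constructed minimal header, not the 452KB sample; only the hash constants are taken from the page.

```python
"""Static triage helper (added example, not from the sandbox report).

1. digests()        - MD5 / SHA-1 / SHA-256 / SHA-512 in the report's format
2. matches_ioc()    - compare against the report's hash IOCs
3. pe_section_names() / looks_upx_packed() - UPX0/UPX1 names and "UPX!" marker
4. shannon_entropy() - fallback signal when a modified UPX renamed the sections
"""
import hashlib
import math
import struct

# IOC set copied from the report above (the only values taken from the page).
REPORT_IOCS = {
    "md5": "638e0e23a8e006dce8dfded1cbff5e9e",
    "sha1": "6d846680bdf596b4df98b814a591aaa86030f12f",
    "sha256": "1e6dd6998fb06d1a6f8afc5bb7e7b41518179285f28553cccdb6e45adc303df7",
}


def digests(data: bytes) -> dict:
    """Return the four digests in lowercase hex, keyed like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_ioc(data: bytes, iocs: dict = REPORT_IOCS) -> bool:
    """True if any digest of `data` equals one of the known-bad hashes."""
    d = digests(data)
    return any(d[k] == v.lower() for k, v in iocs.items() if k in d)


def pe_section_names(data: bytes) -> list:
    """Section names from the PE section table; [] if `data` is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    num_sections, _ts, _psym, _nsym, size_opt = struct.unpack_from("<HIIIH", data, coff + 2)
    table = coff + 20 + size_opt          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40              # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                         # truncated table: stop rather than guess
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed/encrypted payloads sit close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in (data.count(b) for b in set(data)) if c)


def looks_upx_packed(data: bytes) -> dict:
    """UPX indicators: section names, the 'UPX!' marker, and overall entropy."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_sections": any(n.startswith("UPX") for n in names),
        "upx_marker": b"UPX!" in data,
        "entropy": shannon_entropy(data),
    }


def build_fake_pe(section_names, body: bytes = b"") -> bytes:
    """Constructed minimal PE image used as a test fixture (assumption: not a real sample)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)      # 64-byte DOS header
    size_opt = 0xE0                                                     # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    opt = b"\0" * size_opt
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections + body


if __name__ == "__main__":
    sample = build_fake_pe(["UPX0", "UPX1", ".rsrc"], b"\0" * 16 + b"UPX!" + b"\0" * 16)
    print("IOC match:", matches_ioc(sample))
    print("UPX indicators:", looks_upx_packed(sample))
```

Only a digest match is authoritative; the section names and the `UPX!` marker are trivially removed by a modified UPX build, which is why the report's signature says "UPX/modified UPX" and why the entropy reading is kept as a secondary signal rather than a verdict.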

Malware Config

Targets

    • Target

      1e6dd6998fb06d1a6f8afc5bb7e7b41518179285f28553cccdb6e45adc303df7

    • Size

      452KB

    • MD5

      638e0e23a8e006dce8dfded1cbff5e9e

    • SHA1

      6d846680bdf596b4df98b814a591aaa86030f12f

    • SHA256

      1e6dd6998fb06d1a6f8afc5bb7e7b41518179285f28553cccdb6e45adc303df7

    • SHA512

      8ce8d57702951f5416aaa95a163f379e2d60bab9e672d1b6463318347f50430f7fe1156b25019ec6922957c70c7fc498498d72a56884fd1c962db40ef10a90b2

    • SSDEEP

      12288:KYU476vtic2xSNc8DtoQRWIvf5qZ4KAlPfEOX:1utj22c8RVWFZ3ARsOX

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

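Several of the signatures above are registry-visible behaviours. As an added example (not the sandbox's own signature logic), the Python below maps them onto the registry locations they correspond to: Explorer's Advanced\Hidden and Advanced\ShowSuperHidden values, the CurrentVersion\Run keys, and Control Panel\International\Geo\Nation for the country-code lookup. It runs over a few constructed sandbox-style registry events; the event format, value names, path and SID in the sample are assumptions for the example, not data from this report.

```python
"""Registry-event triage (added example, not the sandbox's signature code)."""
import re
from typing import List, Tuple

# Constructed sandbox-style events: <operation>  <key\value>  <type>  <data>,
# fields separated by two or more spaces. Not taken from the report.
SAMPLE_EVENTS = r"""
RegSetValue    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden    DWORD    2
RegSetValue    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden    DWORD    0
RegSetValue    HKEY_USERS\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate    SZ    C:\Users\Admin\AppData\Roaming\svchost.exe
RegQueryValue    HKEY_CURRENT_USER\Control Panel\International\Geo\Nation    SZ    244
RegQueryValue    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName    SZ    Windows 10 Pro
"""

# Fold the per-user hive under HKEY_USERS\<SID> and HKEY_CURRENT_USER into HKCU,
# so one rule matches however the sandbox happened to record the key.
_HIVE_ALIASES = [
    (re.compile(r"^HKEY_USERS\\S-1-5-21-[\d-]+(_Classes)?\\", re.I), r"HKCU\\"),
    (re.compile(r"^HKEY_CURRENT_USER\\", re.I), r"HKCU\\"),
    (re.compile(r"^HKEY_LOCAL_MACHINE\\", re.I), r"HKLM\\"),
]

_RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\[^\\]+$")


def normalize_key(path: str) -> str:
    for pat, rep in _HIVE_ALIASES:
        path = pat.sub(rep, path, count=1)
    return path


def triage_registry_events(log: str) -> List[Tuple[str, str]]:
    """Return (signature, detail) pairs for events that match the report's behaviours."""
    hits = []
    for line in log.strip().splitlines():
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=3)
        if len(parts) < 3:
            continue
        op, key, _vtype = parts[:3]
        value = parts[3] if len(parts) > 3 else ""
        key = normalize_key(key)
        low = key.lower()
        is_write = op.lower() in ("regsetvalue", "regsetvalueex", "regcreatekey")
        is_read = op.lower().startswith("regquery")

        # Explorer: Hidden=2 hides hidden files; ShowSuperHidden=0 hides protected OS files.
        if is_write and low.endswith(r"\explorer\advanced\hidden") and value == "2":
            hits.append(("Modifies visibility of hidden/system files in Explorer",
                         f"{key} = {value} (hidden files no longer shown)"))
        elif is_write and low.endswith(r"\explorer\advanced\showsuperhidden") and value == "0":
            hits.append(("Modifies visibility of hidden/system files in Explorer",
                         f"{key} = {value} (protected OS files no longer shown)"))
        # Persistence: any value written under Run / RunOnce.
        elif is_write and _RUN_KEY.search(low):
            hits.append(("Adds Run key to start application", f"{key} -> {value}"))
        # Geofencing: reading the configured GeoID (country) of the user.
        elif is_read and low.endswith(r"\control panel\international\geo\nation"):
            hits.append(("Checks computer location settings", f"read {key} (GeoID {value})"))
    return hits


if __name__ == "__main__":
    for sig, detail in triage_registry_events(SAMPLE_EVENTS):
        print(f"[{sig}] {detail}")
```

The ProductName read in the sample is deliberately left unmatched: ordinary software reads it too, so a rule on it would only add noise. The two Explorer values are treated separately because a sample that sets only Hidden=2 still hides its dropped files from a casual look, and the Run-key rule records the launched path so it can be fed straight back into file-based IOCs.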
MITRE ATT&CK Enterprise v6

Tasks