Overview

overview

8

Static

static

8

4f9c4c0137...5d.exe

windows7-x64

8

4f9c4c0137...5d.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4f9c4c01376d08a4491b50a3a195e3a7e48fec4ab9b8afd58a5958ce3cf9ea5d

  • Size

    134KB

  • Sample

    221019-qdwwfshfdj

  • MD5

    a2185fa19b7782f1d6404b36367c6ba0

  • SHA1

    24a23a5c7cc5717f82140340e5e8272102ce8a7d

  • SHA256

    4f9c4c01376d08a4491b50a3a195e3a7e48fec4ab9b8afd58a5958ce3cf9ea5d

  • SHA512

    c9507353defd724a05415c5541200254cac1306ead21354da157f55766b489b8656259a60c28e615310b942b135edf17e6a755112011b648a5762acf54fc34ed

  • SSDEEP

    3072:Dxaw7lEvFCsE8uKqMJBrHnsAWNqubkdBytQlaVrAUdB1/:TlFstuKqMJ9Hn5WNqub/tpV841

Score
8/10
evasionpersistencetrojanupx

Malware Config

Targets

    • Target

      4f9c4c01376d08a4491b50a3a195e3a7e48fec4ab9b8afd58a5958ce3cf9ea5d

    • Size

      134KB

    • MD5

      a2185fa19b7782f1d6404b36367c6ba0

    • SHA1

      24a23a5c7cc5717f82140340e5e8272102ce8a7d

    • SHA256

      4f9c4c01376d08a4491b50a3a195e3a7e48fec4ab9b8afd58a5958ce3cf9ea5d

    • SHA512

      c9507353defd724a05415c5541200254cac1306ead21354da157f55766b489b8656259a60c28e615310b942b135edf17e6a755112011b648a5762acf54fc34ed

    • SSDEEP

      3072:Dxaw7lEvFCsE8uKqMJBrHnsAWNqubkdBytQlaVrAUdB1/:TlFstuKqMJ9Hn5WNqub/tpV841

    Score
    8/10
    evasionpersistencetrojanupx

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks