6f9c23fc4267e3951f9d8a139068f026eee363b24efa3b3ebe22d6c29a37ad13 | Triage

Submit
Reports

Overview

overview

Static

static

6f9c23fc42...13.exe

windows7-x64

8

6f9c23fc42...13.exe

windows10-2004-x64

Sharing

General

Target

6f9c23fc4267e3951f9d8a139068f026eee363b24efa3b3ebe22d6c29a37ad13
Size

186KB
Sample

221020-tzvgasdeh8
MD5

900465b3efbab61f751845ff5efce7be
SHA1

f1e6f2230578dade82cf89f5438d7d289d057252
SHA256

6f9c23fc4267e3951f9d8a139068f026eee363b24efa3b3ebe22d6c29a37ad13
SHA512

5da2626092307ef636cd0ad06613e4e92eabb7773dd93acb12a8afdbcbae0da4927a88741185523dbf5cc054d41b9d24e79e647fb790d276b0f4993a1bab12a6
SSDEEP

3072:grVQa1ycOfVkix1c4Jcfad/JES5bhaOPExBEnGxsNilMBLfz0tYuE1M4hOExcUad:grsJ9kib7Jcfa73PG6s6t4tYnZLxlDa

Score

10^/10

evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

6f9c23fc4267e3951f9d8a139068f026eee363b24efa3b3ebe22d6c29a37ad13.exe

Resource

win7-20220812-en

evasion persistence trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

6f9c23fc4267e3951f9d8a139068f026eee363b24efa3b3ebe22d6c29a37ad13.exe

Resource

win10v2004-20220901-en

evasion persistence trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  6f9c23fc4267e3951f9d8a139068f026eee363b24efa3b3ebe22d6c29a37ad13
- Size
  
  186KB
- MD5
  
  900465b3efbab61f751845ff5efce7be
- SHA1
  
  f1e6f2230578dade82cf89f5438d7d289d057252
- SHA256
  
  6f9c23fc4267e3951f9d8a139068f026eee363b24efa3b3ebe22d6c29a37ad13
- SHA512
  
  5da2626092307ef636cd0ad06613e4e92eabb7773dd93acb12a8afdbcbae0da4927a88741185523dbf5cc054d41b9d24e79e647fb790d276b0f4993a1bab12a6
- SSDEEP
  
  3072:grVQa1ycOfVkix1c4Jcfad/JES5bhaOPExBEnGxsNilMBLfz0tYuE1M4hOExcUad:grsJ9kib7Jcfa73PG6s6t4tYnZLxlDa
Score

10^/10

evasion persistence trojan upx
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2025

Terms | Privacy