Overview

overview

10

Static

static

8

76b17a0ee4...fd.exe

windows7-x64

10

76b17a0ee4...fd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    76b17a0ee47091052bbe9ba3a0ec780c54c927b7f7c6dc5995d3631e7b973afd

  • Size

    267KB

  • Sample

    221021-eqzbkabde5

  • MD5

    4a403aedeb9ca02f9f7aba6923161e60

  • SHA1

    cf2a4032ed5e7c141467b8b6c8b915de75309633

  • SHA256

    76b17a0ee47091052bbe9ba3a0ec780c54c927b7f7c6dc5995d3631e7b973afd

  • SHA512

    3706b48ed7bd58402ded18e55b64a81404831e538e55b943cc31b30d5a50e57ba9e4f09af571668bf88efada49b3e07f79a6376adfb4dc43a8035f66e1cbdce2

  • SSDEEP

    6144:XbfO3SlNyTkyhlx0kRujRYO4VYAtHJ3DFLjxIE++/gAxcbibMoS2:LfIST8kk0kMlCPTvXxKXoS2

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      76b17a0ee47091052bbe9ba3a0ec780c54c927b7f7c6dc5995d3631e7b973afd

    • Size

      267KB

    • MD5

      4a403aedeb9ca02f9f7aba6923161e60

    • SHA1

      cf2a4032ed5e7c141467b8b6c8b915de75309633

    • SHA256

      76b17a0ee47091052bbe9ba3a0ec780c54c927b7f7c6dc5995d3631e7b973afd

    • SHA512

      3706b48ed7bd58402ded18e55b64a81404831e538e55b943cc31b30d5a50e57ba9e4f09af571668bf88efada49b3e07f79a6376adfb4dc43a8035f66e1cbdce2

    • SSDEEP

      6144:XbfO3SlNyTkyhlx0kRujRYO4VYAtHJ3DFLjxIE++/gAxcbibMoS2:LfIST8kk0kMlCPTvXxKXoS2

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks