General

  • Target: b1221bb12788f188e4259305e1d37e91cac7ca2810d0211c45600a23697882bd
  • Size: 1.7MB
  • Sample: 221021-x1dfysbgf5
  • MD5: 597029dcb2738c17be6d79814cdaf229
  • SHA1: 4a99520e5e2070d02883cdba89ecf188b3b39add
  • SHA256: b1221bb12788f188e4259305e1d37e91cac7ca2810d0211c45600a23697882bd
  • SHA512: 6d80f6cbaf71e20f8622d0d3bdf4a263da9cddad8d53c4230ff0df302feba29a297f66fa9fb04c4660e5227074c3f6c8f97b2f770054c749f9f002691b6094d0
  • SSDEEP: 24576:eRmJkcoQricOIQxiZY1iaH0xxxxxxxxxxxxxxvMi6Ro1s8JyfsOqa6tBkazn572J:LJZoQrbTFZY1ia8MiNFyfsOlc95Iku

Score: 8/10
upx

Malware Config

Targets

    • UPX packed file: Detects executables packed with UPX/modified UPX open source packer.
    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.
    • Drops startup file
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery
    • Query Registry (T1012): 2
    • System Information Discovery (T1082): 3
    • Peripheral Device Discovery (T1120): 1

Tasks