General

  • Target

    3e37b18d70980c51c999386d72b109b3784de9cead9759bb8b5a398558bb6fad

  • Size

    156KB

  • Sample

    221029-1accragefl

  • MD5

    840ea03320d7207d26e99271997a63d9

  • SHA1

    245bb0fbb3e39646b8ba5c10d37217be83e9a0c2

  • SHA256

    3e37b18d70980c51c999386d72b109b3784de9cead9759bb8b5a398558bb6fad

  • SHA512

    80bd8870b2eddd66514931badbd5fbf9315525c129748ae9e6b85787d8e75b31a1a7eeda93316bdbe4784e8ed33289c15f0710555afd0662960593c9b9b16ed6

  • SSDEEP

    3072:eDpxKAjl9Pgr9gEOh56nDj1haBDqIDppgqEg1SUxa5e5S:qjXkOEOh50BhaBD17a5e5

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks