Overview

overview

8

Static

static

e202a53eaa...77.exe

windows7-x64

8

e202a53eaa...77.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e202a53eaa7000e41ecbe581c6853d48c4cf960423cefefd46857378c4b5a977

  • Size

    160KB

  • Sample

    221029-cazahsfhd5

  • MD5

    002271ecc58590e9dcac187fc5b5bd86

  • SHA1

    2bcae0358059894ae144812d63e07753d52c23ab

  • SHA256

    e202a53eaa7000e41ecbe581c6853d48c4cf960423cefefd46857378c4b5a977

  • SHA512

    3d6e36b0babfb91f79584ca8b0bc104f3e199ea5603e9e94899e7cf2a43ecf1651cd07bea139484942d3834f6ff37a2df86a2dee2c2510ad6f06cb87bf5ff6aa

  • SSDEEP

    1536:F+gDbKlmyJKz5jR7766dxocisPfDsCUjhe+SPBp9oEoTTLgY++++1sY+++++ZDdM:FxbkuVbvLn7Uj3

Score
8/10
evasionpersistencetrojanupx

Malware Config

Targets

    • Target

      e202a53eaa7000e41ecbe581c6853d48c4cf960423cefefd46857378c4b5a977

    • Size

      160KB

    • MD5

      002271ecc58590e9dcac187fc5b5bd86

    • SHA1

      2bcae0358059894ae144812d63e07753d52c23ab

    • SHA256

      e202a53eaa7000e41ecbe581c6853d48c4cf960423cefefd46857378c4b5a977

    • SHA512

      3d6e36b0babfb91f79584ca8b0bc104f3e199ea5603e9e94899e7cf2a43ecf1651cd07bea139484942d3834f6ff37a2df86a2dee2c2510ad6f06cb87bf5ff6aa

    • SSDEEP

      1536:F+gDbKlmyJKz5jR7766dxocisPfDsCUjhe+SPBp9oEoTTLgY++++1sY+++++ZDdM:FxbkuVbvLn7Uj3

    Score
    8/10
    evasionpersistencetrojanupx

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks