Overview

overview

8

Static

static

5

0c6eb7a979...a5.exe

windows7-x64

8

0c6eb7a979...a5.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    0c6eb7a979b21c0ba7ef24722cdac54ca47a9ca30dd5c3f3c1f71c083fb27ea5

  • Size

    1.2MB

  • Sample

    221029-szdywacee3

  • MD5

    1510b1adc42e8fa73503759a6e491dd6

  • SHA1

    ed309e775b7e4248f0c086e8382ebf1941daab2f

  • SHA256

    0c6eb7a979b21c0ba7ef24722cdac54ca47a9ca30dd5c3f3c1f71c083fb27ea5

  • SHA512

    b7deae5356d23eae27d7ce44a8fa6553441efda1e2e4d53e95f633f2ac539d208a208d94d596855983f623f24d7a90c79f28a6d9c9c76acd88fb47a15091bde2

  • SSDEEP

    24576:dtb20pkaCqT5TBWgNQ7aaoe8iyjrN5Tpi42ltijfQrmM5C6A:OVg5tQ7aaPyjJ5TEXEjfeJE5

Score
8/10
persistenceupx

Malware Config

Targets

    • Target

      0c6eb7a979b21c0ba7ef24722cdac54ca47a9ca30dd5c3f3c1f71c083fb27ea5

    • Size

      1.2MB

    • MD5

      1510b1adc42e8fa73503759a6e491dd6

    • SHA1

      ed309e775b7e4248f0c086e8382ebf1941daab2f

    • SHA256

      0c6eb7a979b21c0ba7ef24722cdac54ca47a9ca30dd5c3f3c1f71c083fb27ea5

    • SHA512

      b7deae5356d23eae27d7ce44a8fa6553441efda1e2e4d53e95f633f2ac539d208a208d94d596855983f623f24d7a90c79f28a6d9c9c76acd88fb47a15091bde2

    • SSDEEP

      24576:dtb20pkaCqT5TBWgNQ7aaoe8iyjrN5Tpi42ltijfQrmM5C6A:OVg5tQ7aaPyjJ5TEXEjfeJE5

    Score
    8/10
    persistenceupx

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks