General

  • Target

    2537b5e457429bea4168be8dec7074928f2bb1d8ea286e03912f59ab2baba9f1

  • Size

    284KB

  • Sample

    221030-gn1gysega9

  • MD5

    a3aaa4a1c4a6424b4a247fc9d5e23ea0

  • SHA1

    23b25066cd9ef843de8880ff10a0d2797aec3c77

  • SHA256

    2537b5e457429bea4168be8dec7074928f2bb1d8ea286e03912f59ab2baba9f1

  • SHA512

    d18d947b456e203c011faca9d47b8c604fadb6838e6e8e4d9939f38ce80de5660030bf7de9a6e84f288637b3e85076c5d7cbcdce7bbecd001c7ad26d9510b252

  • SSDEEP

    3072:mSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lC:mPA6wxmuJspr2l

Score
8/10

Targets

    • Target

      2537b5e457429bea4168be8dec7074928f2bb1d8ea286e03912f59ab2baba9f1

    • Adds policy Run key to start application

      Writes an autostart entry under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, a persistence location that is checked less often than the standard Run key.

    • Executes dropped EXE

      Launches an executable that the sample itself wrote to disk.

    • UPX packed file

      Detects executables packed with UPX or a modified UPX open-source packer. Stock UPX is recognisable by the UPX0/UPX1 section names and the "UPX!" header magic; modified builds often rename or strip both, so a miss is not proof of an unpacked file.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Adds Run key to start application

      Writes an autostart entry under Software\Microsoft\Windows\CurrentVersion\Run.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is a common step in process hollowing and thread hijacking, used to redirect execution into injected code.
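The report's hash set and its "UPX packed file" signature can be reproduced offline with a few lines of static triage. The following is an added example, not code from the sandbox or the report: it computes the MD5/SHA1/SHA256/SHA512 listed above, walks the PE section table without third-party libraries, and checks for the two stock UPX indicators (UPX0/UPX1 section names and the "UPX!" magic). The `build_fake_pe` helper and every byte it produces are constructed for the demonstration; run the functions on a real file's bytes instead.

```python
# Added example (not part of the sandbox report): static triage of a sample on
# disk. Reproduces the report's hash set and checks the two classic UPX
# indicators (UPX0/UPX1 section names, "UPX!" header magic) with the standard
# library only. The PE skeleton built below is constructed sample input.
import hashlib
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"


def file_hashes(data: bytes) -> dict[str, str]:
    """MD5/SHA1/SHA256/SHA512 of a byte string, as listed in the report header."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def pe_section_names(data: bytes) -> list[str]:
    """Walk the PE section table and return the section names; [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    # COFF header after the 4-byte signature: Machine(2) NumberOfSections(2)
    # TimeDateStamp(4) PointerToSymbolTable(4) NumberOfSymbols(4)
    # SizeOfOptionalHeader(2) Characteristics(2)
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40           # IMAGE_SECTION_HEADER is 40 bytes, name first
        if off + 40 > len(data):
            break                       # truncated section table: stop parsing
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Section list plus the two stock UPX tells."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_sections": [n for n in names if n in UPX_SECTION_NAMES],
        "upx_magic": UPX_MAGIC in data,
    }


def is_upx_packed(data: bytes) -> bool:
    """Either indicator is a hit. A modified UPX build may hide both, so a miss
    here is not evidence that the file is unpacked."""
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_fake_pe(section_names: list[bytes], trailer: bytes = b"") -> bytes:
    """Constructed sample input: a minimal PE32 skeleton with the given section
    names. Not a runnable binary, just enough header for the parser above."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0                     # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + sections + trailer


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], trailer=bytes(16) + UPX_MAGIC)
    clean = build_fake_pe([b".text", b".rdata", b".data"])
    for label, blob in (("packed", packed), ("clean", clean)):
        print(label, file_hashes(blob)["sha256"], upx_indicators(blob), is_upx_packed(blob))
```

To triage the real sample, read the file with `open(path, "rb").read()` and compare `file_hashes(...)["sha256"]` against the SHA256 in the report header before trusting any other field; the UPX check is a fast first pass, not a substitute for unpacking.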
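The behavioural signatures above ("Executes dropped EXE", "Loads dropped DLL", "Adds Run key", "Adds policy Run key") come from the sandbox's API tracing, but the same behaviours can be picked up on a host from Sysmon telemetry. The following is an added example, not the sandbox's detection logic: it correlates FileCreate events with later ProcessCreate and ImageLoad events to flag execution of self-dropped files, and matches registry SetValue targets against the standard and Policies\Explorer Run keys. Event IDs and field meanings follow Sysmon (1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistryEvent SetValue); the event list, and every path, SID and file name in it, is constructed for the demonstration.

```python
# Added example (not part of the sandbox report): the report's behavioural
# signatures re-expressed as detection logic over Sysmon-style telemetry.
# Event IDs follow Sysmon (1 ProcessCreate, 7 ImageLoad, 11 FileCreate,
# 13 RegistryEvent/SetValue). The events, paths, SID and names below are
# constructed for this demonstration.

RUN_KEYS = (
    # lower-case substring of the registry target -> report signature it maps to
    ("\\currentversion\\policies\\explorer\\run\\", "adds_policy_run_key"),
    ("\\currentversion\\run\\", "adds_run_key"),
    ("\\currentversion\\runonce\\", "adds_run_key"),
)

SAMPLE = "c:\\users\\user\\desktop\\sample.exe"
DROPPED_EXE = "c:\\users\\user\\appdata\\local\\temp\\svhost32.exe"
DROPPED_DLL = "c:\\users\\user\\appdata\\local\\temp\\nss3.dll"
HKU = "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
CV = "\\Software\\Microsoft\\Windows\\CurrentVersion"

# Constructed event stream: the sample drops an EXE and a DLL, runs the EXE,
# the EXE loads the DLL and writes both Run-key variants; explorer/notepad are noise.
EVENTS = [
    {"id": 11, "image": SAMPLE, "target": DROPPED_EXE},
    {"id": 11, "image": SAMPLE, "target": DROPPED_DLL},
    {"id": 1, "image": DROPPED_EXE, "parent": SAMPLE},
    {"id": 7, "image": DROPPED_EXE, "loaded": DROPPED_DLL},
    {"id": 7, "image": DROPPED_EXE, "loaded": "c:\\windows\\system32\\kernel32.dll"},
    {"id": 13, "image": DROPPED_EXE, "target": HKU + CV + "\\Policies\\Explorer\\Run\\svhost32",
     "details": DROPPED_EXE},
    {"id": 13, "image": DROPPED_EXE, "target": HKU + CV + "\\Run\\svhost32",
     "details": DROPPED_EXE},
    {"id": 13, "image": "c:\\windows\\explorer.exe", "target": HKU + CV + "\\Explorer\\RunMRU\\a",
     "details": "notepad"},
    {"id": 1, "image": "c:\\windows\\system32\\notepad.exe", "parent": "c:\\windows\\explorer.exe"},
]


def detect(events, sample_image):
    """Return (signature, evidence) pairs for activity attributable to the sample.

    Attribution is by process lineage: the sample image, anything it spawns, and
    anything spawned from a file it dropped are tracked; events from other
    processes are ignored so unrelated Run-key writes do not fire."""
    tracked = {sample_image.lower()}    # processes attributed to the sample
    dropped = set()                      # files written by tracked processes
    findings = []
    for ev in events:
        image = ev["image"].lower()
        if ev["id"] == 11 and image in tracked:
            dropped.add(ev["target"].lower())
        elif ev["id"] == 1:
            if image in dropped or ev.get("parent", "").lower() in tracked:
                tracked.add(image)
            if image in dropped:
                findings.append(("executes_dropped_exe", ev["image"]))
        elif ev["id"] == 7 and image in tracked and ev["loaded"].lower() in dropped:
            findings.append(("loads_dropped_dll", ev["loaded"]))
        elif ev["id"] == 13 and image in tracked:
            target = ev["target"].lower()
            for needle, sig in RUN_KEYS:
                if needle in target:
                    findings.append((sig, ev["target"]))
                    break
    return findings


if __name__ == "__main__":
    for sig, evidence in detect(EVENTS, SAMPLE):
        print(f"{sig:24} {evidence}")
```

The Policies\Explorer\Run substring is tested before the plain Run substring so each write maps to exactly one signature; the RunMRU noise event shows why the match is on the full `\CurrentVersion\Run\` path rather than on the word "Run".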

MITRE ATT&CK Enterprise v6
