Overview

overview

10

Static

static

cba8ecc132...04.exe

windows7-x64

10

cba8ecc132...04.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    cba8ecc132cb011b1f4e3e59ef37d01d0880d7dd6a34f268ff31746ec2f7fa04

  • Size

    164KB

  • Sample

    221030-jfhy2safdp

  • MD5

    929c3d22f1bd1d0939fdb60bb8dc81a5

  • SHA1

    0fafd682627d9c03fd55faaadc07d4d80d95c006

  • SHA256

    cba8ecc132cb011b1f4e3e59ef37d01d0880d7dd6a34f268ff31746ec2f7fa04

  • SHA512

    745e807b6388d7b63ccc73fba7354bea3ab422870a88adecd5040553d37330bd97e6eea73469603320a394cf528f760d461c7ff93acb4e59948f729f65a4bd64

  • SSDEEP

    3072:hVXcTZeH1SDYNNb3r78IUz/m+mpLXaiv53gFyn:h/MYNNiRFO

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      cba8ecc132cb011b1f4e3e59ef37d01d0880d7dd6a34f268ff31746ec2f7fa04

    • Size

      164KB

    • MD5

      929c3d22f1bd1d0939fdb60bb8dc81a5

    • SHA1

      0fafd682627d9c03fd55faaadc07d4d80d95c006

    • SHA256

      cba8ecc132cb011b1f4e3e59ef37d01d0880d7dd6a34f268ff31746ec2f7fa04

    • SHA512

      745e807b6388d7b63ccc73fba7354bea3ab422870a88adecd5040553d37330bd97e6eea73469603320a394cf528f760d461c7ff93acb4e59948f729f65a4bd64

    • SSDEEP

      3072:hVXcTZeH1SDYNNb3r78IUz/m+mpLXaiv53gFyn:h/MYNNiRFO

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks