General

  • Target

    Trojan-Ransom.Win32.Birele.fod-3740b6123a88eeadbc5ed60124727b4ae4ff89a8598d03a142a774bf1036ff99

  • Size

    76KB

  • Sample

    221106-qgfcwafahq

  • MD5

    7d5a119c7430c6ec0703653f54c434ea

  • SHA1

    6534365f546c2e3883f5503908351a3a9dbd9f0d

  • SHA256

    3740b6123a88eeadbc5ed60124727b4ae4ff89a8598d03a142a774bf1036ff99

  • SHA512

    3522aac91336ad62aedb59f7058e0678a8eaf6a9a41386280d8e49e3b172121297238762cd94a20c9e78c8eb5e785ae52de25c9b1509cd2fb47d73bc87b8d582

  • SSDEEP

    1536:uf1mb6zZJMVsZYLYmDmGUKGiLqpPADs+MD7+mTA:uwWHYGiLqFCMD7+mT

Score
8/10
upx

Malware Config

Targets

    • Target

      Trojan-Ransom.Win32.Birele.fod-3740b6123a88eeadbc5ed60124727b4ae4ff89a8598d03a142a774bf1036ff99

    Score
    8/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks