General

  • Target

    31af7cf82ea1fc4aa51f9989350600ad4b121b41493942f5ef4a1d6fd4f141f1

  • Size

    207KB

  • Sample

    221107-fsc2sacccn

  • MD5

    04b439e2de9e2bb1fea86cb2ab596dc9

  • SHA1

    0c9d340365ff4cdda6a4dc9dc8e8ce86f3ca57e4

  • SHA256

    31af7cf82ea1fc4aa51f9989350600ad4b121b41493942f5ef4a1d6fd4f141f1

  • SHA512

    076a8511f022bff42d7bbc507d81dab602fdf3bded604b4dfb6217d3a5cc01e5606ad63d230a9b2cb6dcd84ed34c216a249ef51178f758b7a532a84ad82a9cac

  • SSDEEP

    3072:qpETAASw+8SxTBcQ7+4fa396Fkf8VHDaHp5duvvwX8+I7k83Mm97NXdMlqh6:7AZFR9cQtfMkVjqp5duXA8+I7k8LRqm6

Score
10/10
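A practitioner re-running this analysis first wants to confirm that the file in hand is the sample the report describes, and then check the "UPX packed file" finding listed under the target's signatures below without relying on the sandbox. The following Python is an added example, not part of the report or of any tool the page describes: it computes the four digests listed above and compares them with the report's values, walks the PE section table looking for UPX section names, the "UPX!" header marker and high byte entropy, and exercises the parser on a constructed, non-executable PE-shaped buffer (the `build_fake_pe` helper and its section names are constructed for the example). Entropy is reported as a supporting signal only; the threshold at which it means "packed" is a judgement call, not a fact the page states.

```python
# Static triage helpers, added as an example; not part of the sandbox report.
import hashlib
import math
import struct

# Hashes copied from the report above; a file is this sample only if all four match.
REPORT_HASHES = {
    "md5": "04b439e2de9e2bb1fea86cb2ab596dc9",
    "sha1": "0c9d340365ff4cdda6a4dc9dc8e8ce86f3ca57e4",
    "sha256": "31af7cf82ea1fc4aa51f9989350600ad4b121b41493942f5ef4a1d6fd4f141f1",
    "sha512": "076a8511f022bff42d7bbc507d81dab602fdf3bded604b4dfb6217d3a5cc01e5606ad63d230a9b2cb6dcd84ed34c216a249ef51178f758b7a532a84ad82a9cac",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for an in-memory sample."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, expected: dict = REPORT_HASHES) -> list:
    """Names of digests that differ from the report; an empty list means it is this sample."""
    got = hash_bytes(data)
    return sorted(name for name, value in expected.items() if got[name] != value.lower())


def pe_section_names(data: bytes) -> list:
    """Section names from a PE image; [] when the buffer is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]   # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]      # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                                  # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + 40 * i                                          # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed/encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def packing_indicators(data: bytes) -> dict:
    """Evidence behind a 'UPX packed file' verdict: UPX section names, the UPX! marker, entropy."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_marker": b"UPX!" in data,          # magic of the UPX packed-file header
        "entropy": round(shannon_entropy(data), 2),
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = packing_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_marker"]


def build_fake_pe(section_names, payload: bytes = b"") -> bytes:
    """Constructed, non-executable PE-shaped buffer used only to exercise the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)           # 64-byte DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + coff + sections + payload


if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"], b"UPX!" + bytes(range(256)) * 4)
    print("mismatches vs report:", hash_mismatches(packed))
    print("packing indicators:", packing_indicators(packed))
```

To check a real file, read it with `open(path, "rb").read()` and pass the bytes to `hash_mismatches` and `packing_indicators`; the section-name and marker checks identify stock UPX only, and a modified UPX (which the signature also covers) may rename its sections, leaving entropy as the remaining hint.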

Malware Config

Targets

    • Target

      31af7cf82ea1fc4aa51f9989350600ad4b121b41493942f5ef4a1d6fd4f141f1

    • Size

      207KB

    • MD5

      04b439e2de9e2bb1fea86cb2ab596dc9

    • SHA1

      0c9d340365ff4cdda6a4dc9dc8e8ce86f3ca57e4

    • SHA256

      31af7cf82ea1fc4aa51f9989350600ad4b121b41493942f5ef4a1d6fd4f141f1

    • SHA512

      076a8511f022bff42d7bbc507d81dab602fdf3bded604b4dfb6217d3a5cc01e5606ad63d230a9b2cb6dcd84ed34c216a249ef51178f758b7a532a84ad82a9cac

    • SSDEEP

      3072:qpETAASw+8SxTBcQ7+4fa396Fkf8VHDaHp5duvvwX8+I7k83Mm97NXdMlqh6:7AZFR9cQtfMkVjqp5duXA8+I7k8LRqm6

    Score
    10/10

    • Modifies WinLogon for persistence

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory
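Four of the behaviours above (Winlogon modification, a file dropped into System32, execution of a dropped EXE, loading of a dropped DLL) can be hunted for on endpoints from process, file-create, registry-set and image-load telemetry. The Python below is an added example, not part of the report or of the sandbox's own detection engine: it replays Sysmon-style events in order, remembers files written by processes outside the Windows directory, and raises a finding when one of those files is later executed or loaded, or when a Winlogon `Userinit`/`Shell` value is set to something other than its clean-install default. The `Key=Value|Key=Value` line format, the paths, the file names and the event lines themselves are constructed for the example, and treating everything under `C:\Windows\` as a trusted writer is an assumption to tune per estate.

```python
# Detection logic for the behaviours listed above, added as an example; not part of the report.
# Telemetry is constructed Sysmon-style key=value lines, not the sandbox's own output.
from collections import namedtuple

Finding = namedtuple("Finding", "rule image detail")

# Sysmon writes registry paths with an HKLM prefix; compare case-insensitively.
WINLOGON_KEY = "hklm\\software\\microsoft\\windows nt\\currentversion\\winlogon\\"
# Clean-install values of the two Winlogon entries most often hijacked (note the trailing comma).
WINLOGON_DEFAULTS = {"userinit": "c:\\windows\\system32\\userinit.exe,", "shell": "explorer.exe"}
SYSTEM32_DIR = "c:\\windows\\system32\\"
WINDOWS_DIR = "c:\\windows\\"   # assumption: processes under here are servicing/installer components


def parse_event(line: str) -> dict:
    """Parse one 'Key=Value|Key=Value' line into a dict with an integer EventID."""
    fields = dict(part.split("=", 1) for part in line.strip().split("|") if "=" in part)
    fields["EventID"] = int(fields.get("EventID", 0))
    return fields


def analyse(lines) -> list:
    """Replay events in order; files written by untrusted processes are tracked so a later
    ProcessCreate (1) or ImageLoad (7) of them can be tied back to the drop."""
    dropped = set()
    findings = []
    for line in lines:
        ev = parse_event(line)
        eid, image = ev["EventID"], ev.get("Image", "")
        if eid == 11:  # FileCreate
            target = ev.get("TargetFilename", "")
            if not image.lower().startswith(WINDOWS_DIR):
                dropped.add(target.lower())
                if target.lower().startswith(SYSTEM32_DIR):
                    findings.append(Finding("drops_file_in_system32", image, target))
        elif eid == 13:  # RegistryValueSet
            obj = ev.get("TargetObject", "")
            if obj.lower().startswith(WINLOGON_KEY):
                name = obj.rsplit("\\", 1)[-1].lower()
                default = WINLOGON_DEFAULTS.get(name)
                if default is not None and ev.get("Details", "").strip().lower() != default:
                    findings.append(Finding("modifies_winlogon", image, f"{name}={ev.get('Details', '')}"))
        elif eid == 1 and image.lower() in dropped:  # ProcessCreate of a dropped file
            findings.append(Finding("executes_dropped_exe", ev.get("ParentImage", ""), image))
        elif eid == 7 and ev.get("ImageLoaded", "").lower() in dropped:  # ImageLoad of a dropped file
            findings.append(Finding("loads_dropped_dll", image, ev["ImageLoaded"]))
    return findings


# Constructed sample telemetry: a temp-dir executable drops a file into System32 and a DLL
# next to itself, points Winlogon Userinit at the drop, runs it, and the drop loads the DLL.
SAMPLE_EVENTS = [
    r"EventID=1|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|ParentImage=C:\Windows\explorer.exe",
    r"EventID=11|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetFilename=C:\Windows\System32\dropped.exe",
    r"EventID=11|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetFilename=C:\Users\victim\AppData\Local\Temp\helper.dll",
    r"EventID=13|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit|Details=C:\Windows\system32\userinit.exe,C:\Windows\System32\dropped.exe",
    r"EventID=13|Image=C:\Windows\System32\msiexec.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell|Details=explorer.exe",
    r"EventID=1|Image=C:\Windows\System32\dropped.exe|ParentImage=C:\Users\victim\AppData\Local\Temp\sample.exe",
    r"EventID=7|Image=C:\Windows\System32\dropped.exe|ImageLoaded=C:\Users\victim\AppData\Local\Temp\helper.dll",
    r"EventID=11|Image=C:\Windows\System32\svchost.exe|TargetFilename=C:\Windows\System32\catroot2\edb.log",
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"{f.rule:24} {f.image} -> {f.detail}")
```

The benign `Shell=explorer.exe` write and the `svchost.exe` file create produce no findings, which is the point of comparing against defaults and of the trusted-writer assumption. Sysmon records registry value writes (event 13) but not reads, so the "Checks computer location settings" behaviour, a read of the configured country code, is not visible in this kind of telemetry and has to come from the sandbox's API or registry trace.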

MITRE ATT&CK Enterprise v6

Tasks