Extracted

• • Target

    f9da1951c11c0986409e2ecf7b6685176c1f16bc8672dd6038d6d61188bafc7a

  • Size

    32KB

  • MD5

    08488b000bfdadefc7393633547a3130

  • SHA1

    7c6d7100afe251a3074d453c53288f6440619323

  • SHA256

    f9da1951c11c0986409e2ecf7b6685176c1f16bc8672dd6038d6d61188bafc7a

  • SHA512

    d5ca5a26cba7fe4171bccb35512aa0acc0caad0ea32189c7b05ae5a4e599661a6b1ed75ffd0b09b84badbc77f61f228d8d18c0d71ceb06a34364bc607a8e31fe

  • SSDEEP

    768:rf1WbPH59kgi2fKACIaFleZQWTGBxMLfb41CYR/9m:rdWbZltfjCHwQWT/81L

  Score

  10^/10

  cobaltstrikejokerbackdoorbootkitdiscoveryinfostealerpersistencetrojanupx

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

    infostealertrojanjoker

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Registers COM server for autorun

    persistence

  • Sets file execution options in registry

    persistence

  • Sets service image path in registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops desktop.ini file(s)

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Drops file in System32 directory

  behavioral1behavioral2