0fbe9ebd9ff9d68e5b570c6194bd40d8dfe53f8852919e06f533bec4bd648c36 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

0fbe9ebd9f...36.exe

windows7-x64

8

0fbe9ebd9f...36.exe

windows10-2004-x64

8

Sharing

General

Target

0fbe9ebd9ff9d68e5b570c6194bd40d8dfe53f8852919e06f533bec4bd648c36
Size

63KB
Sample

221121-pzy29sec9t
MD5

1007035e32b76c2dc7be9fc05f817e41
SHA1

97e6eb2e1239e4ff89974b912f1cc1d451e5d7f6
SHA256

0fbe9ebd9ff9d68e5b570c6194bd40d8dfe53f8852919e06f533bec4bd648c36
SHA512

b19c03b93bfb405b999196233f0d14894a1d8ee12e4143ad20fb2404473a3205ec52a857f2c75578fc45d01d1d2d4cefeb26dedf5afdf70d2ae01b70a2283d52
SSDEEP

1536:YZJIcNlfTMQZQnA9bLTLrUNWhT8KfFQXAbqC1ZNpsvBB1yuPtmY:yIcXLMQZxFLwKfFQXAeiZNpsL0yt

Score

8^/10

upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0fbe9ebd9ff9d68e5b570c6194bd40d8dfe53f8852919e06f533bec4bd648c36.exe

Resource

win7-20221111-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0fbe9ebd9ff9d68e5b570c6194bd40d8dfe53f8852919e06f533bec4bd648c36.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  0fbe9ebd9ff9d68e5b570c6194bd40d8dfe53f8852919e06f533bec4bd648c36
- Size
  
  63KB
- MD5
  
  1007035e32b76c2dc7be9fc05f817e41
- SHA1
  
  97e6eb2e1239e4ff89974b912f1cc1d451e5d7f6
- SHA256
  
  0fbe9ebd9ff9d68e5b570c6194bd40d8dfe53f8852919e06f533bec4bd648c36
- SHA512
  
  b19c03b93bfb405b999196233f0d14894a1d8ee12e4143ad20fb2404473a3205ec52a857f2c75578fc45d01d1d2d4cefeb26dedf5afdf70d2ae01b70a2283d52
- SSDEEP
  
  1536:YZJIcNlfTMQZQnA9bLTLrUNWhT8KfFQXAbqC1ZNpsvBB1yuPtmY:yIcXLMQZxFLwKfFQXAeiZNpsL0yt
Score

8^/10

upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy