fd53c6daa769503538325c15b5981102c679e1130b8beb9b24eb9abb9118d219 | Triage

Submit
Reports

Overview

overview

8

Static

static

fd53c6daa7...19.exe

windows7-x64

8

fd53c6daa7...19.exe

windows10-2004-x64

8

Sharing

General

Target

fd53c6daa769503538325c15b5981102c679e1130b8beb9b24eb9abb9118d219
Size

512KB
Sample

221123-lzhhqscf82
MD5

0188f97a2e988dadb8fbd04c3beb98ca
SHA1

1abe5390514d43ec852232f425766a9b66a08b8c
SHA256

fd53c6daa769503538325c15b5981102c679e1130b8beb9b24eb9abb9118d219
SHA512

04537ac67d3a2a0bf72ee4a83ca01fdd9096731f81a66a549e5c83ed66affe9ee54964542f387f3130b9ca7760bc649e0dd18902128e6d2e5df88d891d297fbd
SSDEEP

6144:WKMfeHFy35sdITzCyLWrx548JXpb1Gsehn08k9OMSkgN36nFtis0K+mhqkb/xX6P:c5HnVLWN5d3ksedWO6nF7wkb/x62AIK

Score

8^/10

persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

fd53c6daa769503538325c15b5981102c679e1130b8beb9b24eb9abb9118d219.exe

Resource

win7-20220812-en

persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

fd53c6daa769503538325c15b5981102c679e1130b8beb9b24eb9abb9118d219.exe

Resource

win10v2004-20220812-en

persistence upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  fd53c6daa769503538325c15b5981102c679e1130b8beb9b24eb9abb9118d219
- Size
  
  512KB
- MD5
  
  0188f97a2e988dadb8fbd04c3beb98ca
- SHA1
  
  1abe5390514d43ec852232f425766a9b66a08b8c
- SHA256
  
  fd53c6daa769503538325c15b5981102c679e1130b8beb9b24eb9abb9118d219
- SHA512
  
  04537ac67d3a2a0bf72ee4a83ca01fdd9096731f81a66a549e5c83ed66affe9ee54964542f387f3130b9ca7760bc649e0dd18902128e6d2e5df88d891d297fbd
- SSDEEP
  
  6144:WKMfeHFy35sdITzCyLWrx548JXpb1Gsehn08k9OMSkgN36nFtis0K+mhqkb/xX6P:c5HnVLWN5d3ksedWO6nF7wkb/x62AIK
Score

8^/10

persistence upx
- Sets file execution options in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks for any installed AV software in registry
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy