Overview

overview

9

Static

static

676eea69fd...ea.exe

windows7-x64

9

676eea69fd...ea.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea

  • Size

    5.1MB

  • Sample

    221123-vlpjkahd29

  • MD5

    43f6b4589ea28e1df8d0c40d9cfb0ada

  • SHA1

    63cc4eacf596d31efa5567a7e86aaf4ef99691e6

  • SHA256

    676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea

  • SHA512

    ca68d40dcc6f0ea82878524f29d9cdac5ef33be3634b686e2ea9c2e4d84d7645dc4d5f6c4d6f72b4393d181bbd0e2978a2d983a82b376f191956a8dee82082c1

  • SSDEEP

    98304:SyG6edCQHyTPBAl9R/rUdCGUsYml5Nk+YFowkyR5zccEURz9GJpeT:SQJA48GUsL5mdkqciw

Score
9/10
evasiontrojanupx

Malware Config

Targets

    • Target

      676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea

    • Size

      5.1MB

    • MD5

      43f6b4589ea28e1df8d0c40d9cfb0ada

    • SHA1

      63cc4eacf596d31efa5567a7e86aaf4ef99691e6

    • SHA256

      676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea

    • SHA512

      ca68d40dcc6f0ea82878524f29d9cdac5ef33be3634b686e2ea9c2e4d84d7645dc4d5f6c4d6f72b4393d181bbd0e2978a2d983a82b376f191956a8dee82082c1

    • SSDEEP

      98304:SyG6edCQHyTPBAl9R/rUdCGUsYml5Nk+YFowkyR5zccEURz9GJpeT:SQJA48GUsL5mdkqciw

    Score
    9/10
    upxevasiontrojan

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks