676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea | Triage

Submit
Reports

Overview

overview

9

Static

static

676eea69fd...ea.exe

windows7-x64

9

676eea69fd...ea.exe

windows10-2004-x64

9

Sharing

General

Target

676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea
Size

5.1MB
Sample

221123-vlpjkahd29
MD5

43f6b4589ea28e1df8d0c40d9cfb0ada
SHA1

63cc4eacf596d31efa5567a7e86aaf4ef99691e6
SHA256

676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea
SHA512

ca68d40dcc6f0ea82878524f29d9cdac5ef33be3634b686e2ea9c2e4d84d7645dc4d5f6c4d6f72b4393d181bbd0e2978a2d983a82b376f191956a8dee82082c1
SSDEEP

98304:SyG6edCQHyTPBAl9R/rUdCGUsYml5Nk+YFowkyR5zccEURz9GJpeT:SQJA48GUsL5mdkqciw

Score

9^/10

evasion trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea.exe

Resource

win7-20220812-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea.exe

Resource

win10v2004-20220812-en

evasion trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea
- Size
  
  5.1MB
- MD5
  
  43f6b4589ea28e1df8d0c40d9cfb0ada
- SHA1
  
  63cc4eacf596d31efa5567a7e86aaf4ef99691e6
- SHA256
  
  676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea
- SHA512
  
  ca68d40dcc6f0ea82878524f29d9cdac5ef33be3634b686e2ea9c2e4d84d7645dc4d5f6c4d6f72b4393d181bbd0e2978a2d983a82b376f191956a8dee82082c1
- SSDEEP
  
  98304:SyG6edCQHyTPBAl9R/rUdCGUsYml5Nk+YFowkyR5zccEURz9GJpeT:SQJA48GUsL5mdkqciw
Score

9^/10

upx evasion trojan
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

evasiontrojanupx

© 2018-2024

Terms | Privacy