57360b25c7f267dc03d16e6bacf6ba648ab393a9969ebd7c4656edb414e1b8bc | Triage

Submit
Reports

Overview

overview

Static

static

57360b25c7...bc.exe

windows7-x64

57360b25c7...bc.exe

windows10-2004-x64

Sharing

General

Target

57360b25c7f267dc03d16e6bacf6ba648ab393a9969ebd7c4656edb414e1b8bc
Size

256KB
Sample

221123-z6psaaee98
MD5

1da400056c5108658743949a4a863284
SHA1

3cd4442020be2e4594164d7c2af36f1d10e8465b
SHA256

57360b25c7f267dc03d16e6bacf6ba648ab393a9969ebd7c4656edb414e1b8bc
SHA512

9fdbaa9ec8472e41cdb47fd3a75dc3e0dd8b1bde81ece27a531d5c61d36b86c5fcc1842963e458f3d394ee917e825d32eac68e113662b266ac5ddab9c56b433d
SSDEEP

6144:c7RPGkG+2O01WQY4MyTjGMT8N00lFKgOLpE4dFbbxGo:c7RekGLO0CyvGMT8N00GlDM

Score

10^/10

evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

57360b25c7f267dc03d16e6bacf6ba648ab393a9969ebd7c4656edb414e1b8bc.exe

Resource

win7-20221111-en

evasion persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

57360b25c7f267dc03d16e6bacf6ba648ab393a9969ebd7c4656edb414e1b8bc.exe

Resource

win10v2004-20220901-en

evasion persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  57360b25c7f267dc03d16e6bacf6ba648ab393a9969ebd7c4656edb414e1b8bc
- Size
  
  256KB
- MD5
  
  1da400056c5108658743949a4a863284
- SHA1
  
  3cd4442020be2e4594164d7c2af36f1d10e8465b
- SHA256
  
  57360b25c7f267dc03d16e6bacf6ba648ab393a9969ebd7c4656edb414e1b8bc
- SHA512
  
  9fdbaa9ec8472e41cdb47fd3a75dc3e0dd8b1bde81ece27a531d5c61d36b86c5fcc1842963e458f3d394ee917e825d32eac68e113662b266ac5ddab9c56b433d
- SSDEEP
  
  6144:c7RPGkG+2O01WQY4MyTjGMT8N00lFKgOLpE4dFbbxGo:c7RekGLO0CyvGMT8N00GlDM
Score

10^/10

evasion persistence upx
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy