General

  • Target

    4420fef87deee22a1ebda98c39da4aaa061da8a6068d7ff433ea7d1634c2f8be

  • Size

    26KB

  • Sample

    221124-atpjbafc77

  • MD5

    170841653a1dce31f784d13319210b50

  • SHA1

    ee8b74a035fcba3cd3a2a5cb00f61179f604238d

  • SHA256

    4420fef87deee22a1ebda98c39da4aaa061da8a6068d7ff433ea7d1634c2f8be

  • SHA512

    f3a7ba7ec7ecc87e9de6969a5fddb1c10558150c3b2d6647b18e6b3e67e2b92b71986f3d27dd135f430b150c357447b6dc3eb94151f0f25051c895e12d04f965

  • SSDEEP

    384:5VgGwfec5YzWUIN5JJO7ocuDg+nUHJg0tx0/PUxS20:wbWqYzpITPAKuHJg070Ux

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks