49fabce60f7ede37ec9f888400e3828b8cb7b20ee81ada1d487bf38de29d47af | Triage

Submit
Reports

Overview

overview

9

Static

static

8

49fabce60f...af.exe

windows7-x64

49fabce60f...af.exe

windows10-2004-x64

9

Sharing

General

Target

49fabce60f7ede37ec9f888400e3828b8cb7b20ee81ada1d487bf38de29d47af
Size

253KB
Sample

221124-bke4yscd8y
MD5

358ba23c0238474c2f5621f05dba5380
SHA1

82e0b375a89f828b7f9689478a83037f81eb9237
SHA256

49fabce60f7ede37ec9f888400e3828b8cb7b20ee81ada1d487bf38de29d47af
SHA512

44cba24127309348c4cc9a54a00e141693d81e88a73725cb0a32ca64ccb310e076a16447f5a479f1292a7282224a2b4f2d57b7b8ee96cf02c6e101e0cc1b333c
SSDEEP

6144:YtiKbV4FeQ2WAdjneGYN8PWRz6H0qXoOSw34Z:ii86QWAdjs8PWd0QwU

Score

9^/10

evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

49fabce60f7ede37ec9f888400e3828b8cb7b20ee81ada1d487bf38de29d47af.exe

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

49fabce60f7ede37ec9f888400e3828b8cb7b20ee81ada1d487bf38de29d47af.exe

Resource

win10v2004-20220812-en

evasion persistence trojan upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  49fabce60f7ede37ec9f888400e3828b8cb7b20ee81ada1d487bf38de29d47af
- Size
  
  253KB
- MD5
  
  358ba23c0238474c2f5621f05dba5380
- SHA1
  
  82e0b375a89f828b7f9689478a83037f81eb9237
- SHA256
  
  49fabce60f7ede37ec9f888400e3828b8cb7b20ee81ada1d487bf38de29d47af
- SHA512
  
  44cba24127309348c4cc9a54a00e141693d81e88a73725cb0a32ca64ccb310e076a16447f5a479f1292a7282224a2b4f2d57b7b8ee96cf02c6e101e0cc1b333c
- SSDEEP
  
  6144:YtiKbV4FeQ2WAdjneGYN8PWRz6H0qXoOSw34Z:ii86QWAdjs8PWd0QwU
Score

9^/10

evasion persistence trojan upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistencetrojanupx

© 2018-2024

Terms | Privacy