Overview

overview

10

Static

static

8

27588404d0...92.exe

windows7-x64

10

27588404d0...92.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    27588404d029098fdde6db0f3a61d3df8a1ac4ef85abe64baff5c4f680a05592

  • Size

    225KB

  • Sample

    221124-k44fbsgb8x

  • MD5

    90f2444ba2155fc98f608ff0998fa6e4

  • SHA1

    7aaae6f87836124e6a550e801233b9674ed4b2c4

  • SHA256

    27588404d029098fdde6db0f3a61d3df8a1ac4ef85abe64baff5c4f680a05592

  • SHA512

    e9867cad42744c2b07f025a873551ac5fdf883ff4833b5d36d60a34664cae04bee4fedb5829b5f6d06bab12f1b2532646dbdb641d3949558637ccb96745b7d11

  • SSDEEP

    6144:jpqI6L9+5/wEJXTuQ13XPiqZ3paxBhg1iQsaKcoSc:jk9+q+TuOaxBO1i3koSc

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      27588404d029098fdde6db0f3a61d3df8a1ac4ef85abe64baff5c4f680a05592

    • Size

      225KB

    • MD5

      90f2444ba2155fc98f608ff0998fa6e4

    • SHA1

      7aaae6f87836124e6a550e801233b9674ed4b2c4

    • SHA256

      27588404d029098fdde6db0f3a61d3df8a1ac4ef85abe64baff5c4f680a05592

    • SHA512

      e9867cad42744c2b07f025a873551ac5fdf883ff4833b5d36d60a34664cae04bee4fedb5829b5f6d06bab12f1b2532646dbdb641d3949558637ccb96745b7d11

    • SSDEEP

      6144:jpqI6L9+5/wEJXTuQ13XPiqZ3paxBhg1iQsaKcoSc:jk9+q+TuOaxBO1i3koSc

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks