General

  • Target

    619d162c0ca14454d88569f84f7e12fbcb3477c4d2b66bc099d8843cc68d07b5

  • Size

    818KB

  • Sample

    221124-nw49faeg3s

  • MD5

    1e41516cd9812b93b646d1ad8c903fe6

  • SHA1

    0bee53983416c2987b0b8b3452866dc085c8e5a4

  • SHA256

    619d162c0ca14454d88569f84f7e12fbcb3477c4d2b66bc099d8843cc68d07b5

  • SHA512

    dd7e837f7b0eb33ca72df4f672158c95f54ec0e7b0aadd0a47d153938e9f5b1e80e853c75722439abe008e13c876f3298431b9df3ddc01913ea5238f6d5622a7

  • SSDEEP

    12288:E6Wq4aaE6KwyF5L0Y2D1PqLfUZhZL9fq3hMiUQWrvnbo1EB9RoqKkgcfB:CthEVaPqLfYhZUZU9rvbo1EBEq5tfB
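The hashes above are the indicators most people will actually use from this report: to confirm that a file pulled off a host is this sample, and to check the two static signatures that fire on it further down the page (UPX packing, compiled AutoIt). The script below is an added example, not code from the sandbox or from the page; it embeds the report's MD5/SHA1/SHA256/SHA512 values, computes the same digests over a file, parses the PE section table with the standard library only, and flags UPX section names and the "AU3!EA06" compiled-script marker. The minimal PE it builds for the demonstration is constructed here and is not the sample; SSDEEP is left out because it needs a non-standard library.

```python
import hashlib
import struct

# Hashes reported on this page for the analysed sample.
REPORT_IOCS = {
    "md5": "1e41516cd9812b93b646d1ad8c903fe6",
    "sha1": "0bee53983416c2987b0b8b3452866dc085c8e5a4",
    "sha256": "619d162c0ca14454d88569f84f7e12fbcb3477c4d2b66bc099d8843cc68d07b5",
    "sha512": "dd7e837f7b0eb33ca72df4f672158c95f54ec0e7b0aadd0a47d153938e9f5b1e"
              "80e853c75722439abe008e13c876f3298431b9df3ddc01913ea5238f6d5622a7",
}

# Marker of an embedded compiled AutoIt v3 script, as used by common YARA rules.
# A UPX-packed binary hides it until unpacked (upx -d), so a miss on the packed
# file is not conclusive; the sandbox likely saw it on the unpacked image.
AUTOIT_MARKER = b"AU3!EA06"


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def matches_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report's IOCs (all True == same file)."""
    computed = file_hashes(data)
    return {name: computed[name] == value for name, value in REPORT_IOCS.items()}


def pe_section_names(data: bytes) -> list:
    """Read section names from the COFF section table (no external PE library)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ header)")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX leaves UPX0/UPX1 (sometimes UPX2) section names unless the packer was
    modified to rename them; treat a miss as 'not stock UPX', not 'not packed'."""
    return any(name.upper().startswith("UPX") for name in pe_section_names(data))


def looks_autoit_compiled(data: bytes) -> bool:
    return AUTOIT_MARKER in data


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE skeleton for the demo: DOS header, PE signature,
    COFF header with no optional header, one 40-byte header per section name."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("hash match vs report:", matches_report(blob))
    print("sections:", pe_section_names(blob))
    print("UPX packed:", looks_upx_packed(blob), "| AutoIt marker:", looks_autoit_compiled(blob))
```

Run it with a path to a suspect file; without arguments it runs on the constructed skeleton. A full SHA256 match is the only definitive confirmation; the UPX and AutoIt checks are the cheap static corroboration for the signatures listed under Targets.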

Score
8/10

Malware Config

Targets

    • Target

      619d162c0ca14454d88569f84f7e12fbcb3477c4d2b66bc099d8843cc68d07b5

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
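The five behavioural signatures above (dropped EXE executed, dropped DLL loaded, Run key added, self-deletion, SetThreadContext on another process) are each a simple rule over the sandbox's event stream. The script below is an added example of how such rules are typically expressed and is not the sandbox's own signature code; the event records, paths, PIDs and process names in it are constructed for the demonstration and do not come from this report. It tracks files written by the sample so that later process-create and image-load events can be matched against them, which is what makes "dropped" meaningful rather than just "executed".

```python
import re

# Constructed trace (not from the report): the sample drops a payload and a DLL,
# persists through a Run key, runs the payload which loads the DLL and hollows
# a child, and finally deletes its own image via cmd.exe.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
DROPPED_EXE = r"C:\Users\Admin\AppData\Roaming\updater.exe"
DROPPED_DLL = r"C:\Users\Admin\AppData\Roaming\helper.dll"
HOLLOW_HOST = r"C:\Windows\System32\notepad.exe"

EVENTS = [
    {"type": "file_write", "pid": 100, "image": SAMPLE, "path": DROPPED_EXE},
    {"type": "file_write", "pid": 100, "image": SAMPLE, "path": DROPPED_DLL},
    {"type": "registry_set", "pid": 100, "image": SAMPLE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": DROPPED_EXE},
    {"type": "process_create", "pid": 200, "ppid": 100, "image": DROPPED_EXE,
     "parent_image": SAMPLE, "cmdline": '"' + DROPPED_EXE + '"'},
    {"type": "image_load", "pid": 200, "image": DROPPED_EXE, "path": DROPPED_DLL},
    {"type": "process_create", "pid": 300, "ppid": 200, "image": HOLLOW_HOST,
     "parent_image": DROPPED_EXE, "cmdline": HOLLOW_HOST},
    {"type": "api_call", "pid": 200, "image": DROPPED_EXE,
     "api": "SetThreadContext", "target_pid": 300},
    {"type": "process_create", "pid": 400, "ppid": 100,
     "image": r"C:\Windows\System32\cmd.exe", "parent_image": SAMPLE,
     "cmdline": 'cmd.exe /c ping 127.0.0.1 -n 3 & del "' + SAMPLE + '"'},
]

# Run and RunOnce under HKCU or HKLM; the key path ends at Run/RunOnce itself.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
DEL_RE = re.compile(r"\bdel\b", re.IGNORECASE)


def norm(path: str) -> str:
    """Case-fold and strip quotes so paths compare equal across event types."""
    return path.strip('"').lower()


def triage(events):
    """Return (signature, detail) pairs in the order the evidence appears."""
    dropped = set()     # files written by monitored processes so far
    findings = []
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(norm(ev["path"]))
        elif kind == "registry_set" and RUN_KEY_RE.search(ev["key"]):
            findings.append(("Adds Run key to start application",
                             "{}\\{} = {}".format(ev["key"], ev["value"], ev["data"])))
        elif kind == "process_create":
            if norm(ev["image"]) in dropped:
                findings.append(("Executes dropped EXE", ev["image"]))
            cmd = norm(ev["cmdline"])
            # Self-delete pattern: a child command line that deletes the parent's image.
            if DEL_RE.search(cmd) and norm(ev["parent_image"]) in cmd:
                findings.append(("Deletes itself", ev["cmdline"]))
        elif kind == "image_load" and norm(ev["path"]) in dropped:
            findings.append(("Loads dropped DLL", ev["path"]))
        elif (kind == "api_call" and ev["api"] == "SetThreadContext"
              and ev.get("target_pid") != ev["pid"]):
            # Setting another process's thread context is the hollowing tell;
            # the same API on the caller's own threads is normal.
            findings.append(("Suspicious use of SetThreadContext",
                             "pid {} -> pid {}".format(ev["pid"], ev["target_pid"])))
    return findings


def triggered_signatures(events):
    return sorted({name for name, _ in triage(events)})


if __name__ == "__main__":
    for name, detail in triage(EVENTS):
        print("{:40s} {}".format(name, detail))
```

The ordering matters: a process-create for a path that was never written in the trace is just a process start, so file writes must be recorded before they are matched. Real sandbox logs (or Sysmon events 1, 7, 11, 13) carry the same fields under different names, and the rules map across directly once the field names are adapted.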

MITRE ATT&CK Enterprise v6

Tasks