Overview

overview

8

Static

static

ecard.exe

windows7-x64

8

ecard.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9f02907443c868af7bd8a79299041994a4207c22fc74d338d7064b530ab9c18

  • Size

    268KB

  • Sample

    221124-zt1c9ahg44

  • MD5

    d48bffed1e2c5a7118d3dfb279d82bdf

  • SHA1

    4d1b854c616f845e76fc16ccda3c7d2e3dfa5f69

  • SHA256

    a9f02907443c868af7bd8a79299041994a4207c22fc74d338d7064b530ab9c18

  • SHA512

    0d998ef05326093ccb7cbb421d9c3a135e030809ab34cf7b3a7919936343c84860f2a91f7acb87e25e8b421f5eae9e4d1d8039ddda2215bed8d00029aa5a0fcb

  • SSDEEP

    6144:GTPPg+HuD0QUCMxpLqZhVj3aWd5nrbHI7x+rZbMTOHFENspM39UenzOg:032D8XxpOHVjvrjPrZoTOaOzezOg

Score
8/10
persistenceupx

Malware Config

Targets

    • Target

      ecard.exe

    • Size

      540KB

    • MD5

      7e1fe97ad2bbe4694db516da79c34791

    • SHA1

      faeb9e85135b7bc13d994f00f94b9285e962b39a

    • SHA256

      9152f3ed68a535b62204bad2c7a88dc1028264bac3a4c3b28b33a3b89bb6418d

    • SHA512

      3c1267dab94c1159d7339c65ecdb63c1792079fbe65527ed934b7ed11d39233bd8cd711aa1d93a30c118fbf15dba18f60cca54cfdc08ed95045b55d70debeeaf

    • SSDEEP

      6144:lhLpD3Ave4QRZQBdU9rGhYCMxpLoZhVj3aUd5nrbHK7x+rZbMkN2PaWIZqbixxn5:lTcvhzU9ihYXxpUHVjfrjBrZok/V

    Score
    8/10
    persistenceupx

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks