General

  • Target

    299790ad7148fcae3d433c8265533e2fcbb620c04ab4896d44a1f9dc5b8e3f61

  • Size

    887KB

  • Sample

    221125-2dwfgaed9x

  • MD5

    5fa6538471d30c084c0257b80a8a4d5e

  • SHA1

    756e754223382739063d7420807871d255bff53d

  • SHA256

    299790ad7148fcae3d433c8265533e2fcbb620c04ab4896d44a1f9dc5b8e3f61

  • SHA512

    8a3af2d7efd474bd95ae734ef73e323e04c7d2de9c461dee87574b07769ca046e2545a7393e3a7d54b18e6cd3635a8c59b052e162c63b091de1b7c20a9de636b

  • SSDEEP

    12288:kYCr8rgkNxnHaFP78jdwOt/XbLAo0tjUe8NA3cNNC/Q5PXTcVgdv240dEeqYW9nM:NCYL7aJ8pwGXbD0tjBwCvI5YW9lm

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks