Overview

overview

10

Static

static

4bd1f8d8db...01.exe

windows7-x64

8

4bd1f8d8db...01.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4bd1f8d8dbd0141a3671d13da19b307f24fe31bbdc5e3100c8b70b0035efb401

  • Size

    248KB

  • Sample

    221125-b93xbagb6z

  • MD5

    59ec1fc933476c91845dc48f1a7c70e7

  • SHA1

    6ea46d0e2c8659ce415edc1652fc67a683ea66a1

  • SHA256

    4bd1f8d8dbd0141a3671d13da19b307f24fe31bbdc5e3100c8b70b0035efb401

  • SHA512

    4d1d2522d5a90d3dc035437bea6837b58d2b75c3f0d38b8b565b98a721c9524e636f364067a0ec2f62843ee951fd7db4eb076b6c7fc9f413fce2abf8395b0cd7

  • SSDEEP

    6144:ydSrFa3PA+X+H2Dsqiq4DMKXJk6e9pZHhYTHyZ9LtjV:QA+OW70UTlh2Sf

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      4bd1f8d8dbd0141a3671d13da19b307f24fe31bbdc5e3100c8b70b0035efb401

    • Size

      248KB

    • MD5

      59ec1fc933476c91845dc48f1a7c70e7

    • SHA1

      6ea46d0e2c8659ce415edc1652fc67a683ea66a1

    • SHA256

      4bd1f8d8dbd0141a3671d13da19b307f24fe31bbdc5e3100c8b70b0035efb401

    • SHA512

      4d1d2522d5a90d3dc035437bea6837b58d2b75c3f0d38b8b565b98a721c9524e636f364067a0ec2f62843ee951fd7db4eb076b6c7fc9f413fce2abf8395b0cd7

    • SSDEEP

      6144:ydSrFa3PA+X+H2Dsqiq4DMKXJk6e9pZHhYTHyZ9LtjV:QA+OW70UTlh2Sf

    Score
    10/10
    persistenceevasionupx

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks