General

  • Target: f1ff319a4ee22cc9e06e521d412fa20c157df9d5607d9d73bd691748c3b8f433
  • Size: 21.1MB
  • Sample: 221125-xbwk8sfe53
  • MD5: febab3f5f5440e30492feee4d6b5a199
  • SHA1: fdc74ca59854a4e18f7582c473448fa249fb2747
  • SHA256: f1ff319a4ee22cc9e06e521d412fa20c157df9d5607d9d73bd691748c3b8f433
  • SHA512: c47d227f843ad3048b230d094f26f935f5b032cb5c1825f90f45c6b05d4b7465bdac8230a3835fcf8fc2c755f474681fe352c9d3c0c719f536c2641c152e6b12
  • SSDEEP: 393216:j0kYkVvbepC09XkyhYjVZpIQya+4pN63BpTy+SZ5+ARENxp5ofw+U/UqI3/HcItM:gVkw59ZhYjVZWQ44pNyBpTZo5+gEDoor

Score
9/10

Targets

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
