General

  • Target

    1607268ef2fa78fbf22c9d504a0add52ffe84acbba6a10c0c53b90e70fc26451

  • Size

    506KB

  • Sample

    221127-jda6esde9z

  • MD5

    9f2eb04e92a19b2dbb3a351f229f0795

  • SHA1

    c2aeb031c54c7c5c889d2666778afe9971348315

  • SHA256

    1607268ef2fa78fbf22c9d504a0add52ffe84acbba6a10c0c53b90e70fc26451

  • SHA512

    3f2078057e8bd9220ad15877327ad89ebed2e6fcfbd6b3b39438bd0015d3ef768d89e7540491bcbff3fd54adb16393c24eb2194a3f51c092e8ab7c1c97cc5a1d

  • SSDEEP

    12288:ZzYwKuEYUhoMO+xxmYrkwDDV69J/LGqnfBFun5C5fP7ZWToUvJF:1sZYUhoM/LmKo/fnfBFACiPL

Score
8/10

Malware Config

Targets

    Score
    8/10
    • Executes dropped EXE

      The sample runs an executable that it wrote to disk during the analysis.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Deletes itself

      The sample removes its own file from disk after running.

    • Loads dropped DLL

      The sample loads a DLL that it wrote to disk during the analysis.

    • Adds Run key to start application

      Writes a value under a registry CurrentVersion\Run key so the program is started at logon (persistence).

    • AutoIT Executable

      AutoIt scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      Overwriting another thread's register context is a common step in process hollowing and thread hijacking.
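
The static signatures above (UPX packed file, AutoIT Executable) and the hash set in the General section can be reproduced locally. The script below is an added example, not the sandbox's own signature code: it computes the report's hash types, walks the PE section table to look for the default UPX0/UPX1/UPX2 section names, flags sections with high Shannon entropy, measures the overlay, and searches for the "AU3!" marker of a compiled AutoIt script. The minimal PE builder and the two sample images are constructed here so the script runs offline; they are not the submitted sample. Note the caveat the signature text hints at with "modified UPX": a packer that renames its sections defeats the name check, which is why the entropy check is included alongside it.

```python
"""Static triage of a PE image: hashes, UPX section names, section entropy, AutoIt marker.

Added example (not the sandbox's signature code). The PE builder and sample
images are constructed for this demonstration; "AU3!" is the start of the
"AU3!EA06" header that compiled AutoIt scripts carry.
"""
import hashlib
import math
import struct

SECTION_HEADER = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER: 40 bytes
AUTOIT_MARKER = b"AU3!"
ENTROPY_THRESHOLD = 7.0           # bits/byte; compressed or encrypted data sits near 8.0


def file_hashes(data: bytes) -> dict:
    """The hash types listed in the report, hex encoded."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(data: bytes) -> list:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, = struct.unpack_from("<H", data, e_lfanew + 6)      # COFF NumberOfSections
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)       # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                                # section table follows the optional header
    sections = []
    for i in range(n_sections):
        f = struct.unpack_from(SECTION_HEADER, data, table + 40 * i)
        raw_size, raw_ptr = f[3], f[4]
        sections.append({"name": f[0].rstrip(b"\0").decode("latin-1"),
                         "raw_ptr": raw_ptr, "raw_size": raw_size,
                         "data": data[raw_ptr:raw_ptr + raw_size]})
    return sections


def triage(data: bytes) -> dict:
    """Static indicators matching the report's UPX/AutoIt signatures."""
    sections = parse_sections(data)
    end_of_sections = max((s["raw_ptr"] + s["raw_size"] for s in sections), default=0)
    return {
        "hashes": file_hashes(data),
        "upx_sections": [s["name"] for s in sections if s["name"].startswith("UPX")],
        "high_entropy_sections": [s["name"] for s in sections
                                  if shannon_entropy(s["data"]) > ENTROPY_THRESHOLD],
        "autoit_marker": AUTOIT_MARKER in data,
        "overlay_size": len(data) - end_of_sections,   # bytes appended after the last section
    }


def build_pe(sections, overlay: bytes = b"") -> bytes:
    """Constructed minimal PE32 (headers + raw sections + overlay). Parseable, not loadable."""
    e_lfanew = 0x40
    opt = b"\0" * 224                                   # zeroed optional header
    headers_len = e_lfanew + 4 + 20 + len(opt) + 40 * len(sections)
    first = (headers_len + 0x1FF) & ~0x1FF              # first section on a 0x200 file boundary
    raw_ptr, table, bodies = first, b"", b""
    for name, body in sections:
        table += struct.pack(SECTION_HEADER, name.encode().ljust(8, b"\0"),
                             len(body), raw_ptr, len(body), raw_ptr, 0, 0, 0, 0, 0x60000020)
        bodies += body
        raw_ptr += len(body)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (first - len(image)) + bodies + overlay


# Constructed samples: a UPX-style layout with an AutoIt header in the overlay, and a plain one.
PACKED = build_pe([("UPX0", b"\0" * 0x200), ("UPX1", bytes(range(256)) * 2), (".rsrc", b"\0" * 0x200)],
                  overlay=b"\0" * 16 + b"AU3!EA06" + b"script-bytes")
CLEAN = build_pe([(".text", b"\x90" * 0x200), (".data", b"\0" * 0x200)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("clean", CLEAN)):
        print(label, {k: v for k, v in triage(image).items() if k != "hashes"})
```

To check a real file against the report, read it as bytes and compare `file_hashes(data)["sha256"]` with the SHA256 in the General section before looking at anything else; a hash mismatch means a different sample, whatever the section names say.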

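The behavioral signatures (Executes dropped EXE, Loads dropped DLL, Adds Run key, Deletes itself, Suspicious use of SetThreadContext) are derived from the API trace the sandbox records. The script below is an added example of the matching logic, not the sandbox's own rule engine, run over a constructed JSON-lines trace: the process ids, paths and value names are placeholders and are not artefacts recovered from this sample. It tracks which files the sample wrote so that later CreateProcess/LoadLibrary calls on them count as "dropped", remembers children created with CREATE_SUSPENDED so that SetThreadContext against them is flagged, and treats both a direct DeleteFile on the sample path and a `cmd /c del` child as self-deletion.

```python
"""Behavioral signature matching over a sandbox API trace (added example, constructed data)."""
import json

CREATE_SUSPENDED = 0x00000004
RUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")

# Placeholder path for the submitted file; not the sample's real name.
SAMPLE_PATH = r"C:\Users\victim\Desktop\sample.exe"

# Constructed trace: one JSON object per API call, in issue order.
TRACE = r"""
{"pid": 1000, "api": "NtWriteFile", "args": {"path": "C:\\Users\\victim\\AppData\\Local\\Temp\\helper.dll"}}
{"pid": 1000, "api": "NtWriteFile", "args": {"path": "C:\\Users\\victim\\AppData\\Roaming\\svc.exe"}}
{"pid": 1000, "api": "LoadLibraryW", "args": {"path": "C:\\Users\\victim\\AppData\\Local\\Temp\\helper.dll"}}
{"pid": 1000, "api": "RegSetValueExW", "args": {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "name": "svc", "data": "C:\\Users\\victim\\AppData\\Roaming\\svc.exe"}}
{"pid": 1000, "api": "CreateProcessW", "args": {"image": "C:\\Users\\victim\\AppData\\Roaming\\svc.exe", "flags": 4, "child_pid": 1200}}
{"pid": 1000, "api": "NtWriteVirtualMemory", "args": {"target_pid": 1200}}
{"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 1200}}
{"pid": 1000, "api": "NtResumeThread", "args": {"target_pid": 1200}}
{"pid": 1000, "api": "CreateProcessW", "args": {"image": "C:\\Windows\\System32\\cmd.exe", "flags": 0, "child_pid": 1300, "cmdline": "cmd /c del C:\\Users\\victim\\Desktop\\sample.exe"}}
"""

# Constructed benign trace: a normal child process, and SetThreadContext on a thread that was never suspended.
BENIGN = r"""
{"pid": 2000, "api": "CreateProcessW", "args": {"image": "C:\\Windows\\notepad.exe", "flags": 0, "child_pid": 2100}}
{"pid": 2000, "api": "SetThreadContext", "args": {"target_pid": 2100}}
"""

SIGNATURES = ("executes_dropped_exe", "loads_dropped_dll", "adds_run_key",
              "deletes_itself", "suspicious_setthreadcontext")


def parse_trace(text: str) -> list:
    """JSON lines -> list of event dicts; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def match_signatures(events: list, sample_path: str) -> dict:
    """Single pass over the trace; state is what earlier events established."""
    dropped = set()      # lower-cased paths the sample wrote to disk
    suspended = set()    # child pids created with CREATE_SUSPENDED
    hits = {name: False for name in SIGNATURES}
    sample = sample_path.lower()
    for ev in events:
        api, a = ev["api"], ev["args"]
        if api == "NtWriteFile":
            dropped.add(a["path"].lower())
        elif api == "LoadLibraryW" and a["path"].lower() in dropped:
            hits["loads_dropped_dll"] = True
        elif api == "RegSetValueExW" and a["key"].lower().endswith(RUN_KEY_SUFFIXES):
            hits["adds_run_key"] = True
        elif api == "CreateProcessW":
            if a["image"].lower() in dropped:
                hits["executes_dropped_exe"] = True
            if a.get("flags", 0) & CREATE_SUSPENDED:
                suspended.add(a["child_pid"])
            cmdline = a.get("cmdline", "").lower()
            if "del " in cmdline and sample in cmdline:
                hits["deletes_itself"] = True
        elif api == "DeleteFileW" and a["path"].lower() == sample:
            hits["deletes_itself"] = True
        elif api == "SetThreadContext" and a["target_pid"] in suspended:
            # Only flagged against a suspended child (hollowing pattern); a
            # narrow rule that misses hijacking of already-running threads.
            hits["suspicious_setthreadcontext"] = True
    return hits


if __name__ == "__main__":
    for label, trace in (("constructed", TRACE), ("benign", BENIGN)):
        hits = match_signatures(parse_trace(trace), SAMPLE_PATH)
        print(label, [name for name, hit in hits.items() if hit])
```

The ordering matters: a LoadLibrary or CreateProcess on a path is only "dropped" if a write to that path was seen earlier in the same trace, which is the distinction that separates these signatures from ordinary program start-up.
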
MITRE ATT&CK Enterprise v6

Tasks