Overview

overview

10

Static

static

ff61848f4c...d8.exe

windows7-x64

10

ff61848f4c...d8.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    ff61848f4c4b5322d45eabad772519cf8a128e1c1b48fb8790179b124099bbd8

  • Size

    240KB

  • Sample

    221127-jsy6ssef91

  • MD5

    43b11d7901d0aaa37ffa8b97441eeac3

  • SHA1

    dd7b48b3624d8a3bba27b54f72ec323dc37d32e0

  • SHA256

    ff61848f4c4b5322d45eabad772519cf8a128e1c1b48fb8790179b124099bbd8

  • SHA512

    4032915aad2fd14e2cf56db97836095a814e1f289cda0214dd4274eb0d6a4dfa64e56ff037967e955977f39b67c59dfe770debc88ad4f996a0735dc5e01a41a7

  • SSDEEP

    6144:Yfk03vblIUkO8w8EeTwxMuIW17V4bP3C4h7:Yr3v+UkOD8EeTqMPLC

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      ff61848f4c4b5322d45eabad772519cf8a128e1c1b48fb8790179b124099bbd8

    • Size

      240KB

    • MD5

      43b11d7901d0aaa37ffa8b97441eeac3

    • SHA1

      dd7b48b3624d8a3bba27b54f72ec323dc37d32e0

    • SHA256

      ff61848f4c4b5322d45eabad772519cf8a128e1c1b48fb8790179b124099bbd8

    • SHA512

      4032915aad2fd14e2cf56db97836095a814e1f289cda0214dd4274eb0d6a4dfa64e56ff037967e955977f39b67c59dfe770debc88ad4f996a0735dc5e01a41a7

    • SSDEEP

      6144:Yfk03vblIUkO8w8EeTwxMuIW17V4bP3C4h7:Yr3v+UkOD8EeTqMPLC

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks