Overview

overview

8

Static

static

f8a9f83713...9f.exe

windows7-x64

8

f8a9f83713...9f.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8a9f83713405e179d30d6b04133e225741c85381151b9c2455e24d19beb749f

  • Size

    566KB

  • Sample

    221130-rq482abg41

  • MD5

    519326c59b148171f46535c4dc22dc76

  • SHA1

    6faec1ae10c597455ff6768425c3c57aa31fd855

  • SHA256

    f8a9f83713405e179d30d6b04133e225741c85381151b9c2455e24d19beb749f

  • SHA512

    6ba4e65739617f2d174bb3bd840ca8d81e1d5cfc4e6849d876a281f01c78ac5a20e22132542f1c0b7dc20e6be24495cdca623121a4a2c410be9f48fefdade903

  • SSDEEP

    12288:e0nyfXuIBDtfuRhKzh5jOZ03O21JDM7eAc/cIkj1LJ+Ul5yxWA9:rny/f9uRhKzT53Bhhkj1LyD

Score
8/10
microsoftpersistencephishingupx

Malware Config

Targets

    • Target

      f8a9f83713405e179d30d6b04133e225741c85381151b9c2455e24d19beb749f

    • Size

      566KB

    • MD5

      519326c59b148171f46535c4dc22dc76

    • SHA1

      6faec1ae10c597455ff6768425c3c57aa31fd855

    • SHA256

      f8a9f83713405e179d30d6b04133e225741c85381151b9c2455e24d19beb749f

    • SHA512

      6ba4e65739617f2d174bb3bd840ca8d81e1d5cfc4e6849d876a281f01c78ac5a20e22132542f1c0b7dc20e6be24495cdca623121a4a2c410be9f48fefdade903

    • SSDEEP

      12288:e0nyfXuIBDtfuRhKzh5jOZ03O21JDM7eAc/cIkj1LJ+Ul5yxWA9:rny/f9uRhKzT53Bhhkj1LyD

    Score
    8/10
    upxmicrosoftpersistencephishing

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

      persistence

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks