822bf3aa3f6f1a28e9dc61b324f334628a66206719be579e8f8ef7e3500183e0 | Triage

Submit
Reports

Overview

overview

8

Static

static

822bf3aa3f...e0.exe

windows7-x64

8

822bf3aa3f...e0.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

822bf3aa3f6f1a28e9dc61b324f334628a66206719be579e8f8ef7e3500183e0
Size

194KB
Sample

221201-cqcrfseh25
MD5

4eaa96560c081bcb77bf40ccdc8ea83f
SHA1

caffff30bbe965b966929eaa06341d8ba2017816
SHA256

822bf3aa3f6f1a28e9dc61b324f334628a66206719be579e8f8ef7e3500183e0
SHA512

11d175391cf587b6e0945e90e5a8752a4f5871adce54b7476a80ee76da4b7abd5da11abefd4034aa41a71128ae89215d9e0cf42a679d58cf36ba4dd129466c50
SSDEEP

6144:LPIoILU8pdShUF0qZfEPgZk0/D8L6cxKv8:LPIw+dShUx8YV4mc

Score

8^/10

discovery evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

822bf3aa3f6f1a28e9dc61b324f334628a66206719be579e8f8ef7e3500183e0.exe

Resource

win7-20221111-en

discovery evasion persistence trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

822bf3aa3f6f1a28e9dc61b324f334628a66206719be579e8f8ef7e3500183e0.exe

Resource

win10v2004-20221111-en

discovery evasion persistence trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  822bf3aa3f6f1a28e9dc61b324f334628a66206719be579e8f8ef7e3500183e0
- Size
  
  194KB
- MD5
  
  4eaa96560c081bcb77bf40ccdc8ea83f
- SHA1
  
  caffff30bbe965b966929eaa06341d8ba2017816
- SHA256
  
  822bf3aa3f6f1a28e9dc61b324f334628a66206719be579e8f8ef7e3500183e0
- SHA512
  
  11d175391cf587b6e0945e90e5a8752a4f5871adce54b7476a80ee76da4b7abd5da11abefd4034aa41a71128ae89215d9e0cf42a679d58cf36ba4dd129466c50
- SSDEEP
  
  6144:LPIoILU8pdShUF0qZfEPgZk0/D8L6cxKv8:LPIw+dShUx8YV4mc
Score

8^/10

discovery evasion persistence trojan upx
- Adds policy Run key to start application
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojanupx

behavioral2

discoveryevasionpersistencetrojanupx

© 2018-2025

Terms | Privacy