General

  • Target

    19e4cb7ffcd4b89e2a69f387d987e590bce26da2f6dc24c8dd96c388810cf01c

  • Size

    117KB

  • Sample

    221201-mv8pssag87

  • MD5

    f386dfd65c497fd129cece11d644e3cd

  • SHA1

    fa4406a7bd74953d790651f94d6ac128e99e5251

  • SHA256

    19e4cb7ffcd4b89e2a69f387d987e590bce26da2f6dc24c8dd96c388810cf01c

  • SHA512

    b5594b8e64e7c88d046ba6bfbeecb86f0a2473f1b7adbad887698b0da16c162da3bca336e584f4af7dfcc3f2099c6339ba50528d9efff12ff39d3591dcc2e30a

  • SSDEEP

    3072:QGegrRkXIWxsa2zk8xqcMVgNWBckfKmEJj:QGfVRWSdku1tAykSmSj

Score
8/10

Malware Config

Targets

    • Target

      Ausgleich der stornierten Buchung Ihrer Bestellung 22.08.2013.com
      (German lure filename, "Settlement of the cancelled booking of your order 22.08.2013", ending in a .com extension that Windows treats as executable)

    • Size

      117KB

    • MD5

      0dff505738ec8703e40edbf5f643d2ae

    • SHA1

      3461115ad15fea2eb45773e2a842222ce8ec204a

    • SHA256

      f54b108aa1be2ea97262233f5233ced23ca3c5a9174bf625591f13c3537a4476

    • SHA512

      d76052613726e9bc1f738dc2e153bc5e2719c0bc5c1a90802dc133972734a0e4ecd16e72fba1b9f494b7ab203dbe7fc2fbeae50a77ec40f622ac23feacc1c164

    • SSDEEP

      3072:+GegrRkXIWxsa2zk8xqcMVgNWBckfKmEJI:+GfVRWSdku1tAykSmSI

    Score
    8/10
    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
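
    The static checks behind two of the items on this page (the digest set in the General block and the "UPX packed file" signature) can be reproduced offline. The script below is an added example written for this page, not code from the sandbox or from the sample: it parses the PE section table, flags the UPX0/UPX1 section names or the "UPX!" pack-header marker, and returns the MD5/SHA1/SHA256/SHA512 digests the report lists. The PE image it runs on is constructed inline with a hypothetical helper and is not the analysed file; the section-name and marker heuristics are the common ones and will miss a packer that renames both.

```python
"""Static triage of a PE file: hashes plus a UPX-packing heuristic.

Added example for this page; not the sandbox's own signature code.
The PE image used below is constructed, not the analysed sample.
"""
import hashlib
import struct

# Section names written by stock UPX; a modified build may rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}


def file_hashes(data: bytes) -> dict:
    """Hex digests in the same set the report's General block lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def pe_section_names(data: bytes) -> list:
    """Section names from the PE section table; empty list if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    sec_table = coff + 20 + opt_size          # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = sec_table + i * 40
        if off + 40 > len(data):              # truncated table: stop, don't crash
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """UPX section names, or the 'UPX!' magic of the pack header, either is enough."""
    names = set(pe_section_names(data))
    return bool(names & UPX_SECTION_NAMES) or b"UPX!" in data


def triage(data: bytes) -> dict:
    """One record per file, in the shape a report's General block summarises."""
    rec = {"size": len(data), "sections": pe_section_names(data),
           "upx_packed": is_upx_packed(data)}
    rec.update(file_hashes(data))
    return rec


def build_minimal_pe(section_names) -> bytes:
    """Hypothetical helper: a tiny, non-runnable PE32 image with the given sections."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 224                            # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    for label, names in (("packed", [b"UPX0", b"UPX1", b".rsrc"]),
                         ("plain", [b".text", b".data"])):
        print(label, triage(build_minimal_pe(names)))
```

    Run against a real file with `triage(open(path, "rb").read())`; the SHA256 it returns should match the one in the General block before any further analysis is trusted, and a `upx_packed` hit is the cue to unpack before looking for the Run-key and dropped-EXE behaviour listed above.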

MITRE ATT&CK Enterprise v6

Tasks