General

  • Target

    e525c62c558c5bb3f820c35f2f0a0ba2e7f26cf90df3bf1582302b7da40105b4

  • Size

    580KB

  • Sample

    221203-1qjf1agg64

  • MD5

    ccd83dccc76498ff3ac8f1aacc5e948a

  • SHA1

    999e7ae7e61de54153cf3d0976dc072fdaa5fda4

  • SHA256

    e525c62c558c5bb3f820c35f2f0a0ba2e7f26cf90df3bf1582302b7da40105b4

  • SHA512

    34f387a301b6669470e13fd771835e81a220d591869f880e8b8593fb5bc89dbca26699fce7b5b66e10eee7e964872a5b51d078261400e3081b99dbd80c82dc1e

  • SSDEEP

    12288:9RAJ2cRIUG4Wd5ZTqA0qn4fYG3+FX+nKMfrq7RTcm:9VcRI1VTkY4+FD9cm

Score
8/10

Malware Config

Targets

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
