cb5ca84655916ba8f024499ff2e23fbd4b51effa8bf454d2c5c40c1a5f4e1d50 | Triage

Sharing

General

Target

cb5ca84655916ba8f024499ff2e23fbd4b51effa8bf454d2c5c40c1a5f4e1d50
Size

1.9MB
Sample

221203-jt7jkafh94
MD5

7d0c7863e29e3f4d4fb6cfb51dc649f0
SHA1

fba12e3aa789856a2cda0845023bbf00225f79b2
SHA256

cb5ca84655916ba8f024499ff2e23fbd4b51effa8bf454d2c5c40c1a5f4e1d50
SHA512

0cdab443c4a8436aa169dede3851dc7aed31df06d3579fd2328944f55555744910ac3feb0217a57d8d1cebd31aa3738d16cc598b5580bb40338daad47c627854
SSDEEP

49152:JdPrQmTmKpadMAoeWxwJ4ka2bPd+BpnESH:LDQmTbwboeWxwJjLbVSnEu

Score

10^/10

evasion trojan upx

Malware Config

Targets

- Target
  
  IFXMWB~1.EXE
- Size
  
  13KB
- MD5
  
  d5c5f9a8736c119ed87dfc7661d0cc24
- SHA1
  
  790eac77fd7d51ac19c36a35afa89ae8492e9b16
- SHA256
  
  5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e
- SHA512
  
  7b0464eb27ea0277b776ad073cca8fed50c4d2b39d2d4fe7fc6f04c62af282f6fa1dbdbc6f9af5cbba0d68bc03b6fa4e9642f007508a15cae6ecd21544143426
- SSDEEP
  
  192:tfx1/biSj4MLsQ2BX13AakSvUkt7KeBDTdiPdP6lTDQc2nFaNJhLkwcud2DH9Vw9:tfxnT2BX1JNVjKVK2FaNJawcudoD7Ub
Score

10^/10

evasion trojan upx
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  KGVWLWGX.exe
- Size
  
  4.3MB
- MD5
  
  42914de44f15854e581b4010ffaee54d
- SHA1
  
  269ad7bd94357aa81c50e66099f72650ea71cd02
- SHA256
  
  dae82e3e2001feff4444083fe6d9eb9d5b11e778d8f20f3a2f147659271cad6a
- SHA512
  
  3b643e86ff273af94846c63931d566f978db433771e4713cfbed6deb86e2927aad3fdd250c46b0c9131ee72bf657bb592da7836f52b0f30037074c8bc6e25f7c
- SSDEEP
  
  49152:JGpp2sPkC3ThJlQJiKnYPpHFhF8+yd2biFE02:Mpp2s8C3T9KnYBHFhFbiE1
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasiontrojanupx

behavioral2

behavioral3

behavioral4