Overview

overview

8

Static

static

81955b2523...9c.exe

windows7-x64

8

81955b2523...9c.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    81955b2523c1e54755b3f2d71f379d591daf7bae462f22758c15d5880532c99c

  • Size

    150KB

  • Sample

    221204-gkmfxsbh66

  • MD5

    db1515716c35b284c4a3d3dcd8824e9f

  • SHA1

    606663f351e0561924d5bef0615dc61019551daf

  • SHA256

    81955b2523c1e54755b3f2d71f379d591daf7bae462f22758c15d5880532c99c

  • SHA512

    dcb6794515a1e27b32f2a40a3462c25edba4d49add9cf68afaa02bf221e971993cca90de7ee385db768e8465c4ff845337a454eb6da5916dcc011253c56be2cd

  • SSDEEP

    3072:wWP56lQojsw6AtswaMTHSsoC5oKb20yuy5vfoVR:dzxe/ZkwGvwVR

Score
8/10
persistenceupx

Malware Config

Targets

    • Target

      81955b2523c1e54755b3f2d71f379d591daf7bae462f22758c15d5880532c99c

    • Size

      150KB

    • MD5

      db1515716c35b284c4a3d3dcd8824e9f

    • SHA1

      606663f351e0561924d5bef0615dc61019551daf

    • SHA256

      81955b2523c1e54755b3f2d71f379d591daf7bae462f22758c15d5880532c99c

    • SHA512

      dcb6794515a1e27b32f2a40a3462c25edba4d49add9cf68afaa02bf221e971993cca90de7ee385db768e8465c4ff845337a454eb6da5916dcc011253c56be2cd

    • SSDEEP

      3072:wWP56lQojsw6AtswaMTHSsoC5oKb20yuy5vfoVR:dzxe/ZkwGvwVR

    Score
    8/10
    persistenceupx

    • Adds policy Run key to start application

      persistence

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks