Overview

overview

10

Static

static

8

d22466b68d...50.exe

windows7-x64

10

d22466b68d...50.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d22466b68d5df7f37f5ae0043d756a5d6930ae7cf351feeff468b7029cabd950

  • Size

    299KB

  • Sample

    221204-j3pecafa2z

  • MD5

    ae6c1e02f107bd9a587d57380863c777

  • SHA1

    15322b2cca4e38eee3d323ca5aa83fe7f3825820

  • SHA256

    d22466b68d5df7f37f5ae0043d756a5d6930ae7cf351feeff468b7029cabd950

  • SHA512

    61b67272305a594f776e65f5f1619394fff908056be8376081e1982796b67f1f735834b4d64e024e3ffebf9430d24b3878965b11be2535b554b59cdb21a97573

  • SSDEEP

    6144:t1jZMmAOis065h1hqYqaC97mf3Ki49BY2ckorxCrimK39ij2zZ/Xk9yPyKYcjXy:t1jRis0653hrC97mf3YYNC+moij2/k9n

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      d22466b68d5df7f37f5ae0043d756a5d6930ae7cf351feeff468b7029cabd950

    • Size

      299KB

    • MD5

      ae6c1e02f107bd9a587d57380863c777

    • SHA1

      15322b2cca4e38eee3d323ca5aa83fe7f3825820

    • SHA256

      d22466b68d5df7f37f5ae0043d756a5d6930ae7cf351feeff468b7029cabd950

    • SHA512

      61b67272305a594f776e65f5f1619394fff908056be8376081e1982796b67f1f735834b4d64e024e3ffebf9430d24b3878965b11be2535b554b59cdb21a97573

    • SSDEEP

      6144:t1jZMmAOis065h1hqYqaC97mf3Ki49BY2ckorxCrimK39ij2zZ/Xk9yPyKYcjXy:t1jRis0653hrC97mf3YYNC+moij2/k9n

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks