f0fde91f35e72918f5d56739d9c0d98e8d359b8cf78243d5500f3ce27c08be8d | Triage

Submit
Reports

Overview

overview

Static

static

8

f0fde91f35...8d.exe

windows7-x64

f0fde91f35...8d.exe

windows10-2004-x64

Sharing

General

Target

f0fde91f35e72918f5d56739d9c0d98e8d359b8cf78243d5500f3ce27c08be8d
Size

273KB
Sample

221204-lsr4lagd96
MD5

c7a7cf64fb49f2a066da34a7f78fe977
SHA1

537eac4c5324aa3be30ac19d49ba8397ed9d8474
SHA256

f0fde91f35e72918f5d56739d9c0d98e8d359b8cf78243d5500f3ce27c08be8d
SHA512

35b87de7b1d1063f0cf85325770d0c429fbe3e8cf237a8c3a52929e64869972bbea0fe476415c979a683117eaeae8b0be6943c5313d7775333df91fa58bcdc74
SSDEEP

6144:S8UEj2jCkegTOZeOmBxZ86fwMB49fAxHwkX2lYVe5EBDZUE0k4g9IwoSb:S8U1+go0xZDA9fpkmge+DZUPkF3oSb

Score

10^/10

evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f0fde91f35e72918f5d56739d9c0d98e8d359b8cf78243d5500f3ce27c08be8d.exe

Resource

win7-20221111-en

evasion persistence trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

f0fde91f35e72918f5d56739d9c0d98e8d359b8cf78243d5500f3ce27c08be8d.exe

Resource

win10v2004-20221111-en

evasion persistence trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  f0fde91f35e72918f5d56739d9c0d98e8d359b8cf78243d5500f3ce27c08be8d
- Size
  
  273KB
- MD5
  
  c7a7cf64fb49f2a066da34a7f78fe977
- SHA1
  
  537eac4c5324aa3be30ac19d49ba8397ed9d8474
- SHA256
  
  f0fde91f35e72918f5d56739d9c0d98e8d359b8cf78243d5500f3ce27c08be8d
- SHA512
  
  35b87de7b1d1063f0cf85325770d0c429fbe3e8cf237a8c3a52929e64869972bbea0fe476415c979a683117eaeae8b0be6943c5313d7775333df91fa58bcdc74
- SSDEEP
  
  6144:S8UEj2jCkegTOZeOmBxZ86fwMB49fAxHwkX2lYVe5EBDZUE0k4g9IwoSb:S8U1+go0xZDA9fpkmge+DZUPkF3oSb
Score

10^/10

evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2025

Terms | Privacy