Overview

overview

10

Static

static

8

bd0be98a94...06.exe

windows7-x64

10

bd0be98a94...06.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bd0be98a949b20838a06562ae125846badc8ccc6f5360443668bf78fddfecd06

  • Size

    20KB

  • Sample

    221205-x381msha56

  • MD5

    747c16c1e5aafcfaaa461d9a21fa3497

  • SHA1

    f985ce06fd5d408f5d2c9dc6a9089d976e5fde5a

  • SHA256

    bd0be98a949b20838a06562ae125846badc8ccc6f5360443668bf78fddfecd06

  • SHA512

    33a946958bdd8d66bb7b9bad9754843faa3e579a5e4fc85ee4f5e3792e4c540c0c892d55ebfdb0f100fbd7c42b944a6ec77479e820eb2e4e53718034eb6f12c1

  • SSDEEP

    384:EYY72Y3p62w+9QC+sgQavLuoI24OBC19Gq6LFBlK+VZMuCFDf7b06Mw:Po0REUvVhC+LFBlK+nNClsbw

Score
10/10
evasionpersistencetrojanupx

Malware Config

Targets

    • Target

      bd0be98a949b20838a06562ae125846badc8ccc6f5360443668bf78fddfecd06

    • Size

      20KB

    • MD5

      747c16c1e5aafcfaaa461d9a21fa3497

    • SHA1

      f985ce06fd5d408f5d2c9dc6a9089d976e5fde5a

    • SHA256

      bd0be98a949b20838a06562ae125846badc8ccc6f5360443668bf78fddfecd06

    • SHA512

      33a946958bdd8d66bb7b9bad9754843faa3e579a5e4fc85ee4f5e3792e4c540c0c892d55ebfdb0f100fbd7c42b944a6ec77479e820eb2e4e53718034eb6f12c1

    • SSDEEP

      384:EYY72Y3p62w+9QC+sgQavLuoI24OBC19Gq6LFBlK+VZMuCFDf7b06Mw:Po0REUvVhC+LFBlK+nNClsbw

    Score
    10/10
    evasionpersistencetrojanupx

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks