General

  • Target: a_2.zip
  • Size: 14.3MB
  • Sample: 221229-ns5qssch78
  • MD5: c2acaf363b1aaf868e7d746430a95a56
  • SHA1: 4d1fce112f2681f5a5e9c5c833f540a5957fc0df
  • SHA256: f38f7c3792781b7b0c52e8252ca519de1139eb1e965b3054c7a160eb40c91d00
  • SHA512: 848ffddbdaefedf5f4126498c730dc57053d2f58572b04536a63cf49f7c89bd4a169b6a4f2e513de789e31467f59c53048258d5d7d8362231b4ac4f6e6cc4bdf
  • SSDEEP: 196608:aCjx6zIjFFQ93JgbUmyp7BAYmGhilOgFkRP3xxtM9a8WPgGOZh3ZX2y+B6/Ks4OK:tjiJ95goPaY5VgFq0UgGiKo0rie

Malware Config

Targets

    • Target: a.exe
    • Size: 14.5MB
    • MD5: eaa9b113a9c860a0dfd836f0d9cafc07
    • SHA1: 551f78dbd61336976c0fed536316ddde9ace222e
    • SHA256: df751bce2b87758ead266eebd1441deacb89a7c881f4b36635a66f33845f5631
    • SHA512: 972209a044112b8b42241d68700a9e34a98cdd172d226b483d269dcd3f06124934f667076f569ebb6e20ce32cd1f39c8fe715ed9fc02585fa0401443d0d70532
    • SSDEEP: 393216:KFRE69KjNA6xu95dYGCv5/keoabs9zq1ES8rCA:KFRPYjq6xk5dYbYaI9zT
    • Drops file in Drivers directory
    • Executes dropped EXE
    • Modifies Windows Firewall
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks