ee320fdb489f569b02dc934f9e5a12e66a031b3c2a4956d1b29fc4a3f3ab92ba | Triage

Submit
Reports

Overview

overview

Static

static

7

8fb826ea46...4f.exe

windows7-x64

8fb826ea46...4f.exe

windows10-2004-x64

Sharing

General

Target

8fb826ea46d4e61c979ad83cf0dd684f
Size

1.1MB
Sample

230316-brsnmagc64
MD5

8fb826ea46d4e61c979ad83cf0dd684f
SHA1

b0f417beea49fec51bb57912f9e719b4d708b22e
SHA256

ee320fdb489f569b02dc934f9e5a12e66a031b3c2a4956d1b29fc4a3f3ab92ba
SHA512

77b2923479a737b315d003e222bfcf0bf4d7cdc843d3ab7654c9ba87a48d34c53803d0ba18d756c9febacd0916f3f410d0d8372a51418d9b8ad2247c0f86d9d5
SSDEEP

24576:W+pA7U7VqM/qVNN1zJaFWJLiuz6B/7wP4QKaYxl2e/:LB7Vq7VTVJac+zB/MPdExl2e/

Score

10^/10

evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8fb826ea46d4e61c979ad83cf0dd684f.exe

Resource

win7-20230220-en

evasion persistence trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

8fb826ea46d4e61c979ad83cf0dd684f.exe

Resource

win10v2004-20230221-en

evasion persistence trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  8fb826ea46d4e61c979ad83cf0dd684f
- Size
  
  1.1MB
- MD5
  
  8fb826ea46d4e61c979ad83cf0dd684f
- SHA1
  
  b0f417beea49fec51bb57912f9e719b4d708b22e
- SHA256
  
  ee320fdb489f569b02dc934f9e5a12e66a031b3c2a4956d1b29fc4a3f3ab92ba
- SHA512
  
  77b2923479a737b315d003e222bfcf0bf4d7cdc843d3ab7654c9ba87a48d34c53803d0ba18d756c9febacd0916f3f410d0d8372a51418d9b8ad2247c0f86d9d5
- SSDEEP
  
  24576:W+pA7U7VqM/qVNN1zJaFWJLiuz6B/7wP4QKaYxl2e/:LB7Vq7VTVJac+zB/MPdExl2e/
Score

10^/10

evasion persistence trojan upx
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2025

Terms | Privacy