General

  • Target

    sample

  • Size

    16KB

  • Sample

    230524-k67krsbf99

  • MD5

    c7f5a071c04c5a78b23c7573dda6fc93

  • SHA1

    b21349edda8de61ab03bc222daedd80aaf79650e

  • SHA256

    4b9ecbb8ea850577397f6396b180df1a2ac3321eb31ad1d27c3cae2bee50e560

  • SHA512

    4cb8b8b808f82d9c4be5dc9d6be261aaaebef1f6322002bded178e0655fb8e39b1723e850177dd2de18d11f0da2d6e91b7b0f336392a39376f20b86a2230c989

  • SSDEEP

    384:rs8sCSDpmRgVoOsKAElKeGMSU8HhhbXhX7W28B2KBJCBXQL:rXsbfVoOsKLI1M4BhbRLQnJQQL

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the sample runs on this machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer; unpack it before doing static analysis.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Maps connected drives based on registry

      Reads disk and drive information from the registry; this is commonly done to detect sandbox environments.
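Two of the items above can be confirmed without the sandbox: that the file in hand is the one the hashes describe, and that it is UPX packed. The Python below is an added example for this page, not the sandbox vendor's code and not the sample. The sample itself is not on the page, so `build_test_pe` constructs a headers-only PE32 image that stands in for it; the section-layout heuristic for modified UPX builds is the editor's assumption about what such builds leave behind, not the vendor's rule.

```python
import hashlib
import struct

# Hashes copied from the General section of this report; used to confirm that
# the file on the analyst's disk really is the sample the report describes.
REPORT_HASHES = {
    "md5": "c7f5a071c04c5a78b23c7573dda6fc93",
    "sha1": "b21349edda8de61ab03bc222daedd80aaf79650e",
    "sha256": "4b9ecbb8ea850577397f6396b180df1a2ac3321eb31ad1d27c3cae2bee50e560",
}

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def hash_bytes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every hash in the report agrees; one mismatch means a different file."""
    got = hash_bytes(data)
    return all(got[name] == digest for name, digest in REPORT_HASHES.items())


def parse_sections(data: bytes) -> list:
    """Minimal PE header walk: [(name, virtual_size, raw_size, characteristics), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first_section = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        off = first_section + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name, vsize, rsize, chars))
    return sections


def upx_indicators(data: bytes) -> list:
    """Names of the UPX heuristics that fire. Stock UPX trips all three; a build with
    renamed sections and a stripped 'UPX!' marker still trips the layout check."""
    sections = parse_sections(data)
    hits = []
    if any(name.startswith("UPX") for name, *_ in sections):
        hits.append("upx_section_names")
    if b"UPX!" in data:  # pack-header magic that follows the section table
        hits.append("upx_magic")
    # Assumed layout shared by stock and modified UPX: an empty-on-disk first section
    # that is large in memory (the unpack target) followed by a writable+executable
    # section holding the compressed image and the decompression stub.
    if len(sections) >= 2:
        (_, vsize0, rsize0, _), (_, _, _, chars1) = sections[0], sections[1]
        rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
        if rsize0 == 0 and vsize0 > 0 and (chars1 & rwx) == rwx:
            hits.append("upx_section_layout")
    return hits


def build_test_pe(names=(b"UPX0", b"UPX1", b".rsrc"), magic=True, packed=True) -> bytes:
    """Constructed headers-only PE32 image standing in for the real sample (test input)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    opt_size = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    rwx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    if packed:
        layout = [(0x20000, 0, rwx | 0x80), (0x8000, 0x3A00, rwx | 0x40), (0x1000, 0x400, 0x40000040)]
    else:
        layout = [(0x3000, 0x3000, 0x60000020), (0x1000, 0x400, 0xC0000040), (0x1000, 0x400, 0x40000040)]
    table = b""
    for name, (vsize, rsize, chars) in zip(names, layout):
        table += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, rsize, 0x400, 0, 0, 0, 0, chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + (b"UPX!" if magic else b"\0\0\0\0")


if __name__ == "__main__":
    for label, kwargs in [("stock upx", {}), ("renamed sections", {"names": (b".text", b".data", b".rsrc"), "magic": False}),
                          ("clean", {"names": (b".text", b".data", b".rsrc"), "magic": False, "packed": False})]:
        print(label, upx_indicators(build_test_pe(**kwargs)))
```

`matches_report` returning False means the file is not the one this report describes, whatever its filename. When `upx_indicators` fires, run `upx -d` (or dump the unpacked image from memory if the stub was modified) before any static work; nothing useful lives in the packed sections.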
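The remaining signatures above (location check, Run key, installed-software enumeration, drive mapping, Outlook profiles) are all registry activity. The Python below maps a registry trace onto those signature names; it is an added example for this page, not the sandbox vendor's detection rules. The trace lines are constructed to look like a sandbox API trace (operation, key, value name), and the key paths each rule matches are the editor's assumptions about what the signatures refer to. The one behavioural distinction worth keeping is that a write to a Run key is persistence while a read of it is only enumeration.

```python
import re
from collections import defaultdict

# Normalise long hive names so each rule needs only one spelling.
_HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM", "HKEY_USERS": "HKU"}


def normalise(path: str) -> str:
    for long, short in _HIVES.items():
        if path.upper().startswith(long):
            return short + path[len(long):]
    return path


# (signature name from the report, operations it applies to, key regex, value regex or None)
# Key paths are assumptions about what each signature checks, not the vendor's logic.
RULES = [
    ("Checks computer location settings", {"query"},
     r"^HKCU\\Control Panel\\International(\\Geo)?$", r"^(Nation|Locale|sCountry)$"),
    ("Adds Run key to start application", {"set"},
     r"^HK(CU|LM)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", None),
    ("Checks installed software on the system", {"query", "enum"},
     r"^HKLM\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", None),
    ("Maps connected drives based on registry", {"query", "enum"},
     r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum$", None),
    ("Accesses Microsoft Outlook profiles", {"query", "enum"},
     r"^HKCU\\Software\\Microsoft\\(Office\\[0-9.]+\\Outlook|Windows NT\\CurrentVersion\\Windows Messaging Subsystem)\\Profiles(\\|$)", None),
]


def classify(trace_lines) -> dict:
    """Return {signature name: [matching trace lines]} for 'op|key|value' lines."""
    hits = defaultdict(list)
    for raw in trace_lines:
        parts = raw.strip().split("|", 2)
        if len(parts) != 3:
            continue  # malformed line: skip it rather than abort the whole triage
        op, key, value = parts[0].lower(), normalise(parts[1]), parts[2]
        for name, ops, key_re, val_re in RULES:
            if op not in ops or not re.match(key_re, key, re.IGNORECASE):
                continue
            if val_re and not re.match(val_re, value, re.IGNORECASE):
                continue
            hits[name].append(raw.strip())
    return dict(hits)


# Constructed trace in the shape 'operation|key|value name'; not captured from the sample.
TRACE = [
    "query|HKEY_CURRENT_USER\\Control Panel\\International\\Geo|Nation",
    "query|HKCU\\Control Panel\\International|Locale",
    "enum|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall|",
    "query|HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleApp|DisplayName",
    "query|HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum|0",
    "query|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|",  # read only: not persistence
    "set|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Updater",
    "enum|HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook|",
    "query|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer|Shell Folders",  # benign
]

if __name__ == "__main__":
    for name, lines in classify(TRACE).items():
        print(f"{name}: {len(lines)} event(s)")
```

Feed it the registry portion of your own sandbox's API trace after converting to the three-field form; the rules are deliberately anchored to full key paths so that unrelated reads under `HKCU\Software\Microsoft\Windows\CurrentVersion` do not count as hits.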
