Overview

overview

7

Static

static

3

更新文�...�3.exe

windows7-x64

7

更新文�...�3.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    更新文件工具3.exe

  • Size

    1.6MB

  • Sample

    230614-y64e1ade82

  • MD5

    6399ce4642cdd36c01e99fefe8adc0cc

  • SHA1

    01f35bd2853a0b74faac167f83644a54a7c690d2

  • SHA256

    955387b03bed86e24be8f4940780114dfff1fe4f43050111b59f9d11e470790d

  • SHA512

    beb0f8f0d8496ae5e30c3e40ea161cfee8108a269b9bf83b9cc8e7d5797679bf98b1420a6e05d7794275c1dd4d066d6e5f50a92085f5c76f7c202f699292a399

  • SSDEEP

    12288:GLMxhyxv664BtysdhIl4t4plpgUqdR5nWFpPoSRMGgVKMnnp+Myg:GajBUsdhk4iplCUqAbUGgZnnpXyg

Score
7/10
aspackv2upx

Malware Config

Targets

    • Target

      更新文件工具3.exe

    • Size

      1.6MB

    • MD5

      6399ce4642cdd36c01e99fefe8adc0cc

    • SHA1

      01f35bd2853a0b74faac167f83644a54a7c690d2

    • SHA256

      955387b03bed86e24be8f4940780114dfff1fe4f43050111b59f9d11e470790d

    • SHA512

      beb0f8f0d8496ae5e30c3e40ea161cfee8108a269b9bf83b9cc8e7d5797679bf98b1420a6e05d7794275c1dd4d066d6e5f50a92085f5c76f7c202f699292a399

    • SSDEEP

      12288:GLMxhyxv664BtysdhIl4t4plpgUqdR5nWFpPoSRMGgVKMnnp+Myg:GajBUsdhk4iplCUqAbUGgZnnpXyg

    Score
    7/10
    aspackv2upx

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks