General

  • Target

    8424fd35710eb3ac23e5ee27225ced6769a4036cfb628465e2d9c33188a6c1f7

  • Size

    1.4MB

  • Sample

    231012-jfelmage35

  • MD5

    586c72a8b6819b717e2b78c365505085

  • SHA1

    83c63fd26f9fad1c06cb15356c842451f816ae83

  • SHA256

    8424fd35710eb3ac23e5ee27225ced6769a4036cfb628465e2d9c33188a6c1f7

  • SHA512

    2a3512f381ed40e73bccac594ce1a601c9d4adde226617072eb408f1a52eb464bbad4d45c5cf9c424d1ca18e77d909220892d3ee445f08e40d84ffac99e97f5f

  • SSDEEP

    24576:U2G/nvxW3Ww0tRp8GiXTBhq7yRDvHcUcjUvy0lr3Tl6icOB/UWoT:UbA30H4zF0UMSAicOB/UWk

Score
8/10

Malware Config

Targets

    • Target

      8424fd35710eb3ac23e5ee27225ced6769a4036cfb628465e2d9c33188a6c1f7

    Score
    8/10

    • Modifies Windows Firewall

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect, a commercial packer/protector; the rule name gives the version range it matches (1.3x to 1.4x).

    • Checks computer location settings

      Looks up the country code configured in the registry (the GeoID stored under HKCU\Control Panel\International\Geo), most likely as a geofence so the sample behaves differently, or not at all, in certain countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer. A modified build can rename the UPX0/UPX1 sections, so section names alone are not a reliable indicator of the packer.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the resolvers configured on the analysis VM was observed. This usually means the sample bypasses the system resolver, for example by talking to a hard-coded public DNS server or by using port 53 as a covert channel.
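The two signatures "Unexpected DNS network traffic destination" and "UPX packed file" are both simple enough to re-implement as local checks. The script below is an added example written for this page; it is not Triage's own detection code and does not use the report's pcap or sample. The flow log, the configured resolver address (10.0.0.1) and the header-only PE fixture produced by build_minimal_pe are all constructed for the demonstration.

```python
import struct

# --- Signature 1: "Unexpected DNS network traffic destination" ---------------
# Constructed flow log (not taken from the report's pcap). Format: "proto src -> dst".
SAMPLE_FLOWS = """\
udp 10.0.0.2:51234 -> 10.0.0.1:53
udp 10.0.0.2:51235 -> 8.8.8.8:53
tcp 10.0.0.2:49152 -> 203.0.113.7:53
tcp 10.0.0.2:49153 -> 198.51.100.9:443
"""
# Resolvers the analysis VM is assumed to be configured with (assumed value).
CONFIGURED_DNS = {"10.0.0.1"}


def parse_flow(line):
    """Parse 'proto src_ip:port -> dst_ip:port' into (proto, dst_ip, dst_port)."""
    proto, _src, _arrow, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return proto, dst_ip, int(dst_port)


def unexpected_dns(flow_log, resolvers):
    """Return (proto, dst_ip) for every port-53 flow not aimed at a configured resolver.

    Matching on the destination port only is deliberate: DNS over TCP is still DNS,
    and a sample that talks to 8.8.8.8 or its own server bypasses the VM's resolver.
    """
    hits = []
    for line in flow_log.splitlines():
        if not line.strip():
            continue
        proto, dst_ip, dst_port = parse_flow(line)
        if dst_port == 53 and dst_ip not in resolvers:
            hits.append((proto, dst_ip))
    return hits


# --- Signature 2: "UPX packed file" (section-name heuristic) -----------------
def pe_section_names(data):
    """Return the section names of a PE image, or [] if the buffer is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                  # COFF file header
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (size_opt,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_opt                         # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                             # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Weak heuristic: stock UPX names its sections UPX0/UPX1; modified builds may rename them."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_minimal_pe(section_names):
    """Constructed fixture: a header-only PE32 image with the given section names and no code."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew -> PE signature right after DOS header
    opt = b"\0" * 0xE0                                   # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    print("unexpected DNS destinations:", unexpected_dns(SAMPLE_FLOWS, CONFIGURED_DNS))
    print("UPX section names present:", looks_upx_packed(build_minimal_pe(["UPX0", "UPX1", ".rsrc"])))
```

Running the script flags the flows to 8.8.8.8 and 203.0.113.7 as unexpected DNS destinations and reports the constructed UPX0/UPX1 image as packed. For a real sample, feed pe_section_names the file bytes; if the names look normal but entropy is high and the import table is tiny, treat the UPX verdict as unresolved rather than negative, which is the caveat the signature description carries.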

MITRE ATT&CK Enterprise v15

Tasks