6c3bbf0f31ca7b068a49a887c89ea34f36ef441c1ca6db4070504d343923b13b | Triage

Submit
Reports

Overview

overview

8

Static

static

1

6c3bbf0f31...3b.exe

windows7-x64

8

6c3bbf0f31...3b.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

6c3bbf0f31ca7b068a49a887c89ea34f36ef441c1ca6db4070504d343923b13b
Size

1.3MB
Sample

231012-tl37aacg57
MD5

bd7411d5c32684f018428d0f9a4f86b7
SHA1

cacbe236e63cefb23f31aab6f192e9e03d264cd8
SHA256

6c3bbf0f31ca7b068a49a887c89ea34f36ef441c1ca6db4070504d343923b13b
SHA512

6d67eb3617b746cd26589a74651c2987aa781d7e1c72a0696e2587afb9b07dc24c5648d1feb4b732ba8288ad46482d936e008014e8f7f4fc36552c743feab88f
SSDEEP

24576:KgoPM9jkPd17jwfYl7jy0hslMQwKQnjr51uTiZxv879kENIdLwN4ZASFDJrEH7d:uM9QPdxwfE7WlFwKAfzuTiDFUFk2

Score

8^/10

persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

6c3bbf0f31ca7b068a49a887c89ea34f36ef441c1ca6db4070504d343923b13b.exe

Resource

win7-20230831-en

persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6c3bbf0f31ca7b068a49a887c89ea34f36ef441c1ca6db4070504d343923b13b.exe

Resource

win10v2004-20230915-en

persistence upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  6c3bbf0f31ca7b068a49a887c89ea34f36ef441c1ca6db4070504d343923b13b
- Size
  
  1.3MB
- MD5
  
  bd7411d5c32684f018428d0f9a4f86b7
- SHA1
  
  cacbe236e63cefb23f31aab6f192e9e03d264cd8
- SHA256
  
  6c3bbf0f31ca7b068a49a887c89ea34f36ef441c1ca6db4070504d343923b13b
- SHA512
  
  6d67eb3617b746cd26589a74651c2987aa781d7e1c72a0696e2587afb9b07dc24c5648d1feb4b732ba8288ad46482d936e008014e8f7f4fc36552c743feab88f
- SSDEEP
  
  24576:KgoPM9jkPd17jwfYl7jy0hslMQwKQnjr51uTiZxv879kENIdLwN4ZASFDJrEH7d:uM9QPdxwfE7WlFwKAfzuTiDFUFk2
Score

8^/10

persistence upx
- Modifies AppInit DLL entries
  persistence
- Sets file execution options in registry
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy