Overview

overview

8

Static

static

3

fapiao.exe

windows7-x64

8

fapiao.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    34d0b61ff334eabfcb4413ee2b549b141f0d0ad607e06aba3f0f3aa99c3040e8

  • Size

    3.7MB

  • Sample

    231016-spgxsabc88

  • MD5

    21d803928c142b4d9324e604cfd48ea5

  • SHA1

    63f80f8579dece755d69aef10e27e2829786bfa2

  • SHA256

    34d0b61ff334eabfcb4413ee2b549b141f0d0ad607e06aba3f0f3aa99c3040e8

  • SHA512

    2c360312d17c51a0e204ab6b195076f41b38b020a73fd00a7bff3d3593ad0a9b131f63735e4dbbea9260408deb005534795eef60a37f9789a1545aa2a9e2c589

  • SSDEEP

    98304:VUALgiXp6cz9CMoqQGEcul/8kZNzMIMaI95iL+:5DZ6i3o38UlRjI95c+

Score
8/10
upx

Malware Config

Targets

    • Target

      fapiao.exe

    • Size

      4.9MB

    • MD5

      382190f00572b51150e85b7b8ae88f9d

    • SHA1

      fcae46680850e1ab4802c4d8c2fa264dff584d17

    • SHA256

      ffe1ee17eb8a1824d9ab1147d3765881907e3d3c2dccc003f2428f0595813101

    • SHA512

      e2cc73e79830b7deeb632041c66350ea2092d6c6e17ee4faffe8f28cce146802a73414f506fc8a388804439558c507ed5004331e2f430f749f7d27021a9c79ff

    • SSDEEP

      98304:A72Aa9n03jT1YDuzOgeNlJT5oj9ghi1RebM390bYVY0AkdlBzJ5wzu65xI:+nTg5ojD390bYV7lBzD49xI

    Score
    8/10
    upx

    • Modifies RDP port number used by Windows

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks