02bf70831ab4e561285a6848289999767982af261d477f275fc4d77e7868509a | Triage

Submit
Reports

Overview

overview

8

Static

static

7

02bf70831a...9a.exe

windows7-x64

8

02bf70831a...9a.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

02bf70831ab4e561285a6848289999767982af261d477f275fc4d77e7868509a
Size

223KB
Sample

231123-fr6mpsgb49
MD5

3f1ed476bceeca442393f5e36fa68cd8
SHA1

03a302374522db1d8b66286c53cc6b6d6089584f
SHA256

02bf70831ab4e561285a6848289999767982af261d477f275fc4d77e7868509a
SHA512

34162a317612547bfee962d3536f42a58e6e2ed10d4c9658154e93c960608df6544222fe03d28893afd15f0fab42593be371aff2954f850afc5e3d0a67cae03c
SSDEEP

6144:KwPSUONLNsuWA7koN+boRN3i4CbRcyXLAE:KOuW5o/+Rc

Score

8^/10

upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

02bf70831ab4e561285a6848289999767982af261d477f275fc4d77e7868509a.exe

Resource

win7-20231020-en

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

02bf70831ab4e561285a6848289999767982af261d477f275fc4d77e7868509a.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  02bf70831ab4e561285a6848289999767982af261d477f275fc4d77e7868509a
- Size
  
  223KB
- MD5
  
  3f1ed476bceeca442393f5e36fa68cd8
- SHA1
  
  03a302374522db1d8b66286c53cc6b6d6089584f
- SHA256
  
  02bf70831ab4e561285a6848289999767982af261d477f275fc4d77e7868509a
- SHA512
  
  34162a317612547bfee962d3536f42a58e6e2ed10d4c9658154e93c960608df6544222fe03d28893afd15f0fab42593be371aff2954f850afc5e3d0a67cae03c
- SSDEEP
  
  6144:KwPSUONLNsuWA7koN+boRN3i4CbRcyXLAE:KOuW5o/+Rc
Score

8^/10

upx
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy