dfcc0b47d75022bd76c0f9d6baf3136cead186b6399869f397bd100e8eed7e24 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

mediafire-...-1.exe

windows7-x64

6

mediafire-...-1.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

mediafire-desktop-1.4.29.10845-installer_Xhatd-1.exe
Size

1.7MB
Sample

231125-3cr74ade45
MD5

b76156a323f28754903f8fbd28d956a8
SHA1

9dbc7fff8f0a85c0e2c4b4946514396fbe73a498
SHA256

dfcc0b47d75022bd76c0f9d6baf3136cead186b6399869f397bd100e8eed7e24
SHA512

1a83b93b77cdfada27496fed2ab4e98175cfa0a133902403ccc070644cb632fcfb58bf97f1695a803fc50929752fa585c560183c427be22b39af0738b4fd0d00
SSDEEP

24576:q7FUDowAyrTVE3U5F/8/CdV8bJLdy+anE+Q05YHwkQyIrvKuO:qBuZrEUF/4LFanr5YQkkrKf

Score

8^/10

evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

mediafire-desktop-1.4.29.10845-installer_Xhatd-1.exe

Resource

win7-20231023-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

mediafire-desktop-1.4.29.10845-installer_Xhatd-1.exe

Resource

win10v2004-20231023-en

evasion persistence trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  mediafire-desktop-1.4.29.10845-installer_Xhatd-1.exe
- Size
  
  1.7MB
- MD5
  
  b76156a323f28754903f8fbd28d956a8
- SHA1
  
  9dbc7fff8f0a85c0e2c4b4946514396fbe73a498
- SHA256
  
  dfcc0b47d75022bd76c0f9d6baf3136cead186b6399869f397bd100e8eed7e24
- SHA512
  
  1a83b93b77cdfada27496fed2ab4e98175cfa0a133902403ccc070644cb632fcfb58bf97f1695a803fc50929752fa585c560183c427be22b39af0738b4fd0d00
- SSDEEP
  
  24576:q7FUDowAyrTVE3U5F/8/CdV8bJLdy+anE+Q05YHwkQyIrvKuO:qBuZrEUF/4LFanr5YQkkrKf
Score

8^/10

evasion persistence trojan upx
- Downloads MZ/PE file
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistencetrojanupx

© 2018-2025

Terms | Privacy