Behavioral task
behavioral1
Sample
69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe
Resource
win10v2004-20231127-en
General
-
Target
69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe.zip
-
Size
4.0MB
-
MD5
687efe1533bcc03d7336f5c005d46ed4
-
SHA1
6070b395b735fb987d27e5415c8168d0eefbd23b
-
SHA256
c3b6b919a0bb74a042da9fe83dbe24886922ac73aeb454ffd7f75c7f01e36511
-
SHA512
a970b67074645dee777d1c874e8f53bf85e5dd95397a8da77c210351789ef7ca59566cf1e37b74a619f144ab19c5d6386532e26602728d4ef07b863adce42c6b
-
SSDEEP
98304:DWQql3WwzG9lJJucn+nzSMa2dKWqcIRfS:DNqdWw4JJQSidh/v
Malware Config
Signatures
-
Processes:
resource yara_rule static1/unpack001/69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe
Files
-
69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe.zip.zip
Password: infected
-
69d49e2e9cb21bebe0b8dfb1d6bb24eaac9a350590cae75b4705d5f9e9ec8c34.exe.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 13.0MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 79KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE