608ed2cc7c1b992667b51f894df628e389520a1f447c790d8ef21e0cc75fa1e3 | Triage

Submit
Reports

Overview

overview

Static

static

3

0fe04be252...82.exe

windows7-x64

0fe04be252...82.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

0fe04be252ef427ce0eda2d563dcbb82
Size

2.4MB
Sample

231224-ywr9zsfhdk
MD5

0fe04be252ef427ce0eda2d563dcbb82
SHA1

53c03dc7ddd7be33ceb1d6e85e28fb59ae2b73fb
SHA256

608ed2cc7c1b992667b51f894df628e389520a1f447c790d8ef21e0cc75fa1e3
SHA512

60c120d38af734db23ea0072366e830e0d643ef51003ad71ac4e4687f6979feb6a8cc1542bffe3b2079e99b26ca4575be85912ab8f4d2a18eed5358a83891e12
SSDEEP

49152:MU3tlXIaVxQR1kDXWI68e2d9DXdUkRZYAAxug54kL3k98qs:Zj/TQ8GL8NddXukRKRugekYVs

Score

10^/10

evasion persistence trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0fe04be252ef427ce0eda2d563dcbb82.exe

Resource

win7-20231215-en

evasion persistence trojan upx

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

0fe04be252ef427ce0eda2d563dcbb82.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://galaint.onlinesecstats.info/?0=103&1=7&2=1&3=68&4=i&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=1111&12=psfdoyxtrk&14=1

Targets

- Target
  
  0fe04be252ef427ce0eda2d563dcbb82
- Size
  
  2.4MB
- MD5
  
  0fe04be252ef427ce0eda2d563dcbb82
- SHA1
  
  53c03dc7ddd7be33ceb1d6e85e28fb59ae2b73fb
- SHA256
  
  608ed2cc7c1b992667b51f894df628e389520a1f447c790d8ef21e0cc75fa1e3
- SHA512
  
  60c120d38af734db23ea0072366e830e0d643ef51003ad71ac4e4687f6979feb6a8cc1542bffe3b2079e99b26ca4575be85912ab8f4d2a18eed5358a83891e12
- SSDEEP
  
  49152:MU3tlXIaVxQR1kDXWI68e2d9DXdUkRZYAAxug54kL3k98qs:Zj/TQ8GL8NddXukRKRugekYVs
Score

10^/10

evasion persistence trojan upx
- UAC bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Sets file execution options in registry
  persistence
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

© 2018-2025

Terms | Privacy