3a7c95447f140a42609450d4fbcfbdb398aef5e2399d524d28d603e4d1d5e8d8 | Triage

Submit
Reports

Overview

overview

Static

static

3

28ca8ca83b...b3.exe

windows7-x64

28ca8ca83b...b3.exe

windows10-2004-x64

7

Sharing

General

Target

28ca8ca83bb67295b58b77dbb80459b3
Size

2.2MB
Sample

231225-sqnfysfefn
MD5

28ca8ca83bb67295b58b77dbb80459b3
SHA1

8b769a57086dfd7b8f200eabcc50ab2157d2069a
SHA256

3a7c95447f140a42609450d4fbcfbdb398aef5e2399d524d28d603e4d1d5e8d8
SHA512

95d54a7175a39ac3f7d35e7eefee35523c0032756016ae65dbb4149dffa4df96e07ef650af90c038570161af60c761f9408006bb148702ccf8c2216bc7336b99
SSDEEP

49152:L5Gsw9VgDQJ8L4gRUTdGh939Q8hGChOMn13djv/MEql:LJw9VLbgeTsHsChDdD/Ta

Score

10^/10

evasion upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

28ca8ca83bb67295b58b77dbb80459b3.exe

Resource

win7-20231215-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

28ca8ca83bb67295b58b77dbb80459b3.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://galaint.realsecson-line.info/?0=176&1=0&2=1&3=75&4=i&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=1111&12=xjhkttcdfu&14=1

Targets

- Target
  
  28ca8ca83bb67295b58b77dbb80459b3
- Size
  
  2.2MB
- MD5
  
  28ca8ca83bb67295b58b77dbb80459b3
- SHA1
  
  8b769a57086dfd7b8f200eabcc50ab2157d2069a
- SHA256
  
  3a7c95447f140a42609450d4fbcfbdb398aef5e2399d524d28d603e4d1d5e8d8
- SHA512
  
  95d54a7175a39ac3f7d35e7eefee35523c0032756016ae65dbb4149dffa4df96e07ef650af90c038570161af60c761f9408006bb148702ccf8c2216bc7336b99
- SSDEEP
  
  49152:L5Gsw9VgDQJ8L4gRUTdGh939Q8hGChOMn13djv/MEql:LJw9VLbgeTsHsChDdD/Ta
Score

10^/10

evasion upx
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy