Overview

overview

7

Static

static

7

2fd909b006...af.exe

windows7-x64

7

2fd909b006...af.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2fd909b0064cfb45888c0e2ed57057af

  • Size

    134KB

  • Sample

    231225-vp68sadhc5

  • MD5

    2fd909b0064cfb45888c0e2ed57057af

  • SHA1

    8025a807f067e975467fc6f01fb5ea80706ace35

  • SHA256

    8e18ce0fcf3a245cd6c93befaac0b7c9ec9da415dbfe2dcd5460af71d01a9883

  • SHA512

    32023b34503ad33093d17238992855de938daab54bb2a97df7f92264fe24074944d3891cd031d05a579caead58ce96396c2b2aa266b5d7ee5d33dbc3528e2d6c

  • SSDEEP

    3072:Dxaw7lEvFCsE8uKqMJBrHnsAWNqubkdBytQlaVrAUdB1/:TlFstuKqMJ9Hn5WNqub/tpV841

Score
7/10
evasionpersistencetrojanupx

Malware Config

Targets

    • Target

      2fd909b0064cfb45888c0e2ed57057af

    • Size

      134KB

    • MD5

      2fd909b0064cfb45888c0e2ed57057af

    • SHA1

      8025a807f067e975467fc6f01fb5ea80706ace35

    • SHA256

      8e18ce0fcf3a245cd6c93befaac0b7c9ec9da415dbfe2dcd5460af71d01a9883

    • SHA512

      32023b34503ad33093d17238992855de938daab54bb2a97df7f92264fe24074944d3891cd031d05a579caead58ce96396c2b2aa266b5d7ee5d33dbc3528e2d6c

    • SSDEEP

      3072:Dxaw7lEvFCsE8uKqMJBrHnsAWNqubkdBytQlaVrAUdB1/:TlFstuKqMJ9Hn5WNqub/tpV841

    Score
    7/10
    evasionpersistencetrojanupx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks