Overview

overview

10

Static

static

3

1863f84553...cc.exe

windows7-x64

1

1863f84553...cc.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1863f84553ead58a74004e41be4e23cc

  • Size

    222KB

  • Sample

    231230-pkf8xaabg5

  • MD5

    1863f84553ead58a74004e41be4e23cc

  • SHA1

    e614f583c4f17642682df7f604417d2208062535

  • SHA256

    e814e0a9b93c0be268ec5a9e168fde604a0cfb069af601c33ebddf8e4208d81c

  • SHA512

    f469dd5b2aa29157dbbb986b61713245429d6d82b2eaf312d490bc146211330a3fd10717167b85556b4eb85050ef3cb15b2dd89c2a80062f9ee937e21c675877

  • SSDEEP

    3072:Ab9AIoP3C08xt5jsfnYK807DqE3caGgiYimE3k4FxUWE0FPSSCgr0ZyewGgSr:iyM5AfYKV7WEsbgJ0fxUqPSSCPye/

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      1863f84553ead58a74004e41be4e23cc

    • Size

      222KB

    • MD5

      1863f84553ead58a74004e41be4e23cc

    • SHA1

      e614f583c4f17642682df7f604417d2208062535

    • SHA256

      e814e0a9b93c0be268ec5a9e168fde604a0cfb069af601c33ebddf8e4208d81c

    • SHA512

      f469dd5b2aa29157dbbb986b61713245429d6d82b2eaf312d490bc146211330a3fd10717167b85556b4eb85050ef3cb15b2dd89c2a80062f9ee937e21c675877

    • SSDEEP

      3072:Ab9AIoP3C08xt5jsfnYK807DqE3caGgiYimE3k4FxUWE0FPSSCgr0ZyewGgSr:iyM5AfYKV7WEsbgJ0fxUqPSSCPye/

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Adds policy Run key to start application

      persistence

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks