Overview

overview

10

Static

static

3

2d5b728153...17.exe

windows7-x64

10

2d5b728153...17.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    2d5b7281531e01f2e4b686c821908c17

  • Size

    484KB

  • Sample

    231231-h98k5aabf6

  • MD5

    2d5b7281531e01f2e4b686c821908c17

  • SHA1

    ab6a0c19e09ddb8e8eae4f30170c0ab7abc2e8bf

  • SHA256

    81549da4d4f5f26a7bd974b5269af840868d0659b52eb76fc4bd1ed681d90067

  • SHA512

    4422e9e5bce02f2fc63d1db2ff1cd6baddeb604fea9819118337aeb47e1fa1ba820384a8d4fc4422ba63da0da98afa4a162147b719e8327932f6dcdcc5e4d5f7

  • SSDEEP

    12288:GoUld/f2I9JECdYW4/e4Pii15XZSAmKjlafbdDNUQ:Q92ILECd0R15XZS3QafpDNUQ

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      2d5b7281531e01f2e4b686c821908c17

    • Size

      484KB

    • MD5

      2d5b7281531e01f2e4b686c821908c17

    • SHA1

      ab6a0c19e09ddb8e8eae4f30170c0ab7abc2e8bf

    • SHA256

      81549da4d4f5f26a7bd974b5269af840868d0659b52eb76fc4bd1ed681d90067

    • SHA512

      4422e9e5bce02f2fc63d1db2ff1cd6baddeb604fea9819118337aeb47e1fa1ba820384a8d4fc4422ba63da0da98afa4a162147b719e8327932f6dcdcc5e4d5f7

    • SSDEEP

      12288:GoUld/f2I9JECdYW4/e4Pii15XZSAmKjlafbdDNUQ:Q92ILECd0R15XZS3QafpDNUQ

    Score
    10/10
    evasionpersistenceupx

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks