General

  • Target

    391666d406f725aed5f387bac1d70789

  • Size

    1.3MB

  • Sample

    231231-rc9atsacbk

  • MD5

    391666d406f725aed5f387bac1d70789

  • SHA1

    e258a5d50ce762617235af9cfa1a081ac091f32a

  • SHA256

    46178572ae7ce7ea98c093e5ea7a09af9e8d367e7bf830d131ff1413f4488815

  • SHA512

    2abb3d5d1c74c5c3079bfa2830c896de4f8a7c9280996fb8613ddc3f7cc15e812673b3aa7aa8742a93c64662638672016b5e3cbf4a4d9c162e5ef30b154ef352

  • SSDEEP

    24576:Yrl4YBHXOjXaJg50owib4FHF7+wPz/wH8wz/pywAMMNOB284bA52qm:Yqi+l3wibU/nwz/p94Nyusm

Score
7/10

Malware Config

Targets

    • Target

      391666d406f725aed5f387bac1d70789

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (the sample may refuse to run in certain locales).

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk during the analysis.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build. A modified build may rename the UPX0/UPX1 sections, so the signature is a heuristic rather than proof of a specific packer version.

    • Adds Run key to start application

      Writes a value under a registry Run key so the application is launched again at logon, a common persistence mechanism.

    • Suspicious use of SetThreadContext

      SetThreadContext is a legitimate API, but it is commonly seen when a process rewrites a suspended thread's context to redirect execution into code it has written into that process. The signature flags the call pattern, not a confirmed injection.
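The following is an added example, not part of the sandbox report or its signature engine. It shows the two checks an analyst typically runs on a retrieved copy of the file before trusting the report: verifying the MD5/SHA1/SHA256 listed above all match, and reproducing the "UPX packed file" signature by walking the PE section table (stock UPX leaves UPX0/UPX1 sections) and, because a modified UPX may rename sections, measuring section entropy as a second heuristic. The PE fixture is constructed inline so the block runs offline; the 7.0 bits/byte threshold and 256-byte minimum size are assumptions chosen for illustration, not values the report states.

```python
import hashlib
import math
import struct

# Hashes listed in the report above; a retrieved file should match all of them.
REPORT_HASHES = {
    "md5": "391666d406f725aed5f387bac1d70789",
    "sha1": "e258a5d50ce762617235af9cfa1a081ac091f32a",
    "sha256": "46178572ae7ce7ea98c093e5ea7a09af9e8d367e7bf830d131ff1413f4488815",
}

SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def file_hashes(data):
    """Return MD5/SHA1/SHA256 hex digests in the same form as the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data):
    """True only if every listed hash matches, so a typo in one digest cannot pass."""
    return file_hashes(data) == REPORT_HASHES


def pe_sections(data):
    """Walk DOS header -> PE signature -> COFF header -> section table (no third-party parser)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        fields = struct.unpack_from(SECTION_HDR, data, table + i * 40)
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = fields[3], fields[4]                 # SizeOfRawData, PointerToRawData
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections


def shannon_entropy(buf):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_section_names(data):
    """Section names the stock UPX stub leaves behind (UPX0/UPX1/UPX2)."""
    return [name for name, _ in pe_sections(data) if name.upper().startswith("UPX")]


def high_entropy_sections(data, threshold=7.0, min_size=256):
    """Sections whose contents look compressed or encrypted; complements the name check
    for modified UPX builds that rename sections. Threshold/min_size are assumed values."""
    return [name for name, raw in pe_sections(data)
            if len(raw) >= min_size and shannon_entropy(raw) >= threshold]


def build_fake_pe(sections):
    """Constructed fixture: minimal MZ/PE with a section table and raw data, no optional header."""
    hdr_len = 0x40 + 4 + 20 + 40 * len(sections)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header directly after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table, blobs, ptr = b"", b"", hdr_len
    for name, payload in sections:
        table += struct.pack(SECTION_HDR, name, len(payload), 0, len(payload), ptr,
                             0, 0, 0, 0, 0x60000020)
        blobs += payload
        ptr += len(payload)
    return bytes(dos) + b"PE\0\0" + coff + table + blobs


# Constructed sample in stock-UPX layout: empty UPX0, compressed-looking UPX1, zero-filled .rsrc.
FAKE_UPX = build_fake_pe([
    (b"UPX0", b""),
    (b"UPX1", bytes(range(256)) * 4),
    (b".rsrc", bytes(512)),
])

if __name__ == "__main__":
    print("matches report hashes:", matches_report(FAKE_UPX))
    print("UPX-named sections:", upx_section_names(FAKE_UPX))
    print("high-entropy sections:", high_entropy_sections(FAKE_UPX))
```

On the real file, `matches_report` must be True before any further work; on the fixture it is False, as expected. A hit from either `upx_section_names` or `high_entropy_sections` reproduces the report's packing signature, and a high-entropy section with no UPX name is the case the "modified UPX" wording refers to.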

MITRE ATT&CK Enterprise v15

Tasks