24c1564f9c4251dd978c6bbd44a13132846d32448710effe7d1982ddb310c0a2 | Triage

Submit
Reports

Overview

overview

Static

static

7

8b1b33504a...7a.exe

windows7-x64

8b1b33504a...7a.exe

windows10-2004-x64

Sharing

General

Target

8b1b33504ac257c5c245d3cfe1b1417a
Size

152KB
Sample

240203-cgx12aggep
MD5

8b1b33504ac257c5c245d3cfe1b1417a
SHA1

2e80c75450e9b819286a82046cc9fb539d0bedcb
SHA256

24c1564f9c4251dd978c6bbd44a13132846d32448710effe7d1982ddb310c0a2
SHA512

970d4e9559d0d0744792ba0f1b5af28072afcfeaa8fd4ec98a805a6398bb1bd68d5f9098a34fcbb6dd459f0ded864da84d2db008aaf22e9dcd9b5798e2687fb9
SSDEEP

3072:a/yOelLSYvfVKqaX7swC4Xz/h9wfaWeS/1zVs3INerkpQKNCWrEd:2yOGLxvfVvG7s4Xbh9wflbdzVx15NHra

Score

10^/10

persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8b1b33504ac257c5c245d3cfe1b1417a.exe

Resource

win7-20231215-en

persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

8b1b33504ac257c5c245d3cfe1b1417a.exe

Resource

win10v2004-20231215-en

persistence upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  8b1b33504ac257c5c245d3cfe1b1417a
- Size
  
  152KB
- MD5
  
  8b1b33504ac257c5c245d3cfe1b1417a
- SHA1
  
  2e80c75450e9b819286a82046cc9fb539d0bedcb
- SHA256
  
  24c1564f9c4251dd978c6bbd44a13132846d32448710effe7d1982ddb310c0a2
- SHA512
  
  970d4e9559d0d0744792ba0f1b5af28072afcfeaa8fd4ec98a805a6398bb1bd68d5f9098a34fcbb6dd459f0ded864da84d2db008aaf22e9dcd9b5798e2687fb9
- SSDEEP
  
  3072:a/yOelLSYvfVKqaX7swC4Xz/h9wfaWeS/1zVs3INerkpQKNCWrEd:2yOGLxvfVvG7s4Xbh9wflbdzVx15NHra
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy