General

  • Target

    b83e6b7c9ebc149ba60a288faf09d640

  • Size

    3.8MB

  • Sample

    240306-1e2s7sba2z

  • MD5

    b83e6b7c9ebc149ba60a288faf09d640

  • SHA1

    93c37f47fedf91fda0bb02ce51a1ee4af7703fa0

  • SHA256

    e5d0ca4e1b346c35bfc28a98321cf6c7a7f93f92275c60e8beebf94bfe07fbba

  • SHA512

    37aa1155fc2c1069357e5bdaaac6cc90cbdc530ebbc8c3f2832c57fcfdda550c2cda614311a18ec4344672f69bef0faa8b17b8b63d84d081092cc7828146f486

  • SSDEEP

    98304:Pm9OtyJNtdENpFVz+MDwpd40fu7IfH+JyYbXzc3DEex:POO+tONlZDw/pu7aHSyYs3bx

Targets

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled
