General

  • Target

    becc4f101a409adbbda8a380425200f0

  • Size

    766KB

  • Sample

    240310-re1fpseb44

  • MD5

    becc4f101a409adbbda8a380425200f0

  • SHA1

    34b7e671cd56527ca3cf22336356528a97c67ca9

  • SHA256

    4439fff53d4812b1733f38a4cf7693d3a50d706720df9e0f6cc389214df7e090

  • SHA512

    7c44c457bc11df53f92d630fa91184d0556f31d9a994f5de9af38f1abd9e3ef9c729a9cde552ea615ff71117629e030164ee44c46dec2267c41d7a67c11a3488

  • SSDEEP

    12288:+pr0l24RzBr0HYKMWVLTPWxmHVDvXl1PmoDQH7mwK2UFO0ZqR:+rA24N9DKvV/PWc1/JDjrO0Zu

Malware Config

Targets

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks