General

  • Target

    beans (1).exe

  • Size

    15.2MB

  • Sample

    240311-t7zqzsaf47

  • MD5

    4e69c18f43d1d194bbb9aefc7338d494

  • SHA1

    d0db4dc95f93332699f8c09283db0d61340f5ffa

  • SHA256

    ae4070d4d1d148f1bbaa61472c5202c4e0ee6f87be1a2e2925092a07510c9515

  • SHA512

    675b3a9981f63062b807eee84fe05ba8dcb77a966075778bbcd4c91f9c6a4dd100ba002bf64cc3f0fceab6c1f62ac91575f2c6e9264dbfd8c280d1127e7696a1

  • SSDEEP

    393216:50OJk/W4I8hlzFiibL2Vmd6mM0Gzajj3rzmAvlSR+mY1irEhhxC1YVSv:mOJZ4hF7yVmdEEjbzmXAmihf8

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
