General

  • Target

    c151572502398833fa87a10a75add6c1

  • Size

    465KB

  • Sample

    240311-w8998acg62

  • MD5

    c151572502398833fa87a10a75add6c1

  • SHA1

    583577ffcab0c2d17dda1eedbc35946d7fe13d09

  • SHA256

    acb06c9e07a564b07e130737f8bcc232668bc34ac153bf4397ef061f6a6184d2

  • SHA512

    70d3ecdc93256c99d28d2d3f0977eaf6fcf0f41fe3e5b971528ca9bd1a02aeb5de3dffe0b4a2125edcb27acc2b00de3a5b6d85edebd96fa38a9831a4824a31e9

  • SSDEEP

    12288:V9D5Xuei9lGTYS2L9aKs6QdP31nvT74BzP:L51i9lG0P2dPlbMBz

Malware Config

Targets

    • Target

      c151572502398833fa87a10a75add6c1

    • Disables Task Manager via registry modification

      Sets the DisableTaskMgr policy value under Software\Microsoft\Windows\CurrentVersion\Policies\System so the user cannot inspect or terminate the process.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence: the sample can refuse to run in some locales.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

      Persistence: a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) relaunches the application at logon.

    • Maps connected drives based on registry

      Disk information is often read to fingerprint the host and detect sandbox environments.
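The "UPX packed file" signature above is worth reproducing statically, because a modified UPX commonly renames the UPX0/UPX1 sections and strips the "UPX!" marker, so a name-only check misses it. The following is an added example, not the sandbox's own rule and not code from the sample: it parses the PE section table by hand and tests three independent fingerprints, including the stock UPX layout (an empty first section with a large virtual size and the entry point in the second section) that survives renaming. The three PE images it checks are constructed headers, not the file in this report.

```python
import struct

def parse_pe(data):
    """Return (AddressOfEntryPoint, section list) from a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff + 2)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                          # 40-byte section headers
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
    return entry_rva, sections

def upx_indicators(data):
    """Three independent fingerprints. A modified UPX that only renames
    sections and strips the 'UPX!' marker still leaves the layout intact."""
    entry, secs = parse_pe(data)
    names = any(s["name"].upper().startswith("UPX") for s in secs)
    # Stock UPX layout: the first section is an empty placeholder for the
    # unpacked image (SizeOfRawData 0, large VirtualSize) and the entry point
    # lies in the second section, which holds the compressed data and the stub.
    layout = (len(secs) >= 2
              and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0
              and secs[1]["vaddr"] <= entry < secs[1]["vaddr"] + secs[1]["vsize"])
    magic = b"UPX!" in data
    return {"section_names": names, "layout": layout, "magic": magic}

def is_upx_packed(data):
    return any(upx_indicators(data).values())

def build_pe(sections, entry_rva, tail=b""):
    """Constructed PE32 header for exercising the checks; not a loadable binary."""
    img = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40))  # e_lfanew = 0x40
    img += b"PE\0\0"
    img += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)     # AddressOfEntryPoint
    img += opt
    for name, vsize, vaddr, rawsize, rawptr in sections:
        img += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr,
                           rawsize, rawptr, 0, 0, 0, 0, 0x60000020)
    return bytes(img + tail)

# Constructed samples (not derived from the report's file).
PACKED = build_pe([("UPX0", 0x20000, 0x1000, 0, 0),
                   ("UPX1", 0x8000, 0x21000, 0x7800, 0x400),
                   (".rsrc", 0x1000, 0x29000, 0x200, 0x7C00)],
                  entry_rva=0x28B60, tail=b"\0" * 16 + b"UPX!")
RENAMED = build_pe([(".text", 0x20000, 0x1000, 0, 0),       # modified UPX: names changed,
                    (".data", 0x8000, 0x21000, 0x7800, 0x400),  # marker stripped
                    (".rsrc", 0x1000, 0x29000, 0x200, 0x7C00)],
                   entry_rva=0x28B60)
PLAIN = build_pe([(".text", 0x5000, 0x1000, 0x5000, 0x400),
                  (".data", 0x1000, 0x6000, 0x200, 0x5400)],
                 entry_rva=0x1200)

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("renamed", RENAMED), ("plain", PLAIN)):
        print(label, upx_indicators(img))
```

Run against a real file with `upx_indicators(open(path, "rb").read())`; treat the layout hit alone as a lead to confirm with `upx -t` or a manual unpack, since any packer that reserves an empty first section will trip it.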
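The four registry-based signatures above (Task Manager disabled, Run key added, country code read, drive enumeration) map directly onto rule logic a SOC can run over endpoint telemetry. The following is an added example, not the sandbox's own rule set: it classifies registry events in a Sysmon-like shape. The SetValue records mirror Sysmon Event ID 13; the QueryValue records assume an API-hooking monitor, since Sysmon does not log registry reads. The event lines are constructed, and the key paths used for the two read-based checks (Control Panel\International\Geo\Nation, Services\Disk\Enum) are my assumed targets, not paths the report states.

```python
import re

# Constructed sample events, not taken from the report.
SAMPLE_EVENTS = [
    {"Operation": "SetValue",
     "Image": r"C:\Users\victim\AppData\Local\Temp\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000001)"},
    {"Operation": "SetValue",
     "Image": r"C:\Users\victim\AppData\Local\Temp\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Local\Temp\svchost.exe"},
    {"Operation": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    {"Operation": "SetValue",
     "Image": r"C:\Windows\System32\gpupdate.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
     "Details": "DWORD (0x00000000)"},
    {"Operation": "QueryValue",
     "Image": r"C:\Users\victim\AppData\Local\Temp\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Control Panel\International\Geo\Nation",
     "Details": ""},
    {"Operation": "QueryValue",
     "Image": r"C:\Users\victim\AppData\Local\Temp\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum\0",
     "Details": ""},
]

DISABLE_TASKMGR = re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# Assumed read targets: Geo\Nation holds the configured GEOID (country);
# Services\Disk\Enum lists attached disks.
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
DISK_ENUM = re.compile(r"\\Services\\Disk\\Enum(\\\d+)?$", re.I)
# Locations a dropped, self-registering payload typically lives in.
USER_WRITABLE = re.compile(r"\\(AppData\\Local\\Temp|Users\\Public|ProgramData)\\", re.I)

def dword_value(details):
    """Parse Sysmon's 'DWORD (0x00000001)' rendering; None if not a DWORD."""
    m = re.fullmatch(r"DWORD \(0x([0-9a-fA-F]{8})\)", details.strip())
    return int(m.group(1), 16) if m else None

def classify(event):
    """Return the set of signature names one event triggers."""
    hits = set()
    target, op = event["TargetObject"], event["Operation"]
    if op == "SetValue":
        # Writing 0 re-enables Task Manager, so only a non-zero DWORD counts.
        if DISABLE_TASKMGR.search(target) and (dword_value(event["Details"]) or 0) != 0:
            hits.add("Disables Task Manager via registry modification")
        if RUN_KEY.search(target):
            hits.add("Adds Run key to start application")
            if USER_WRITABLE.search(event["Details"]):
                hits.add("Run key points into user-writable path")
    elif op == "QueryValue":
        if GEO_NATION.search(target):
            hits.add("Checks computer location settings")
        if DISK_ENUM.search(target):
            hits.add("Maps connected drives based on registry")
    return hits

def run_rules(events):
    """Map each signature name to the indices of the events that fired it."""
    out = {}
    for i, ev in enumerate(events):
        for name in classify(ev):
            out.setdefault(name, []).append(i)
    return out

if __name__ == "__main__":
    for name, idx in sorted(run_rules(SAMPLE_EVENTS).items()):
        print(f"{name}: events {idx}")
```

The Run-key rule fires on the legitimate OneDrive entry too; that is by design, since the sandbox signature is equally generic. The extra "user-writable path" hit is the triage discriminator: a Run value pointing into a Temp directory written by a process that itself runs from Temp is the combination worth escalating.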

MITRE ATT&CK Enterprise v15
