2733f90b77a0b67f033a5188ca6d1a46e754dff03b5656dafb034d523e121c92 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

dcf1c76b4c...e2.exe

windows7-x64

9

dcf1c76b4c...e2.exe

windows10-2004-x64

9

Sharing

General

Target

dcf1c76b4cb0fa5dade95544bc704ee2
Size

1.4MB
Sample

240325-b83vxscg24
MD5

dcf1c76b4cb0fa5dade95544bc704ee2
SHA1

c3a7e2355af9688be570175b05d86dd568180a32
SHA256

2733f90b77a0b67f033a5188ca6d1a46e754dff03b5656dafb034d523e121c92
SHA512

42723a99564bedb335926c71ba2e2f0442ea31ceec25aa79cf9bf2d4fdd76f3abefa3aa834eba4c7d258cea23393aef05d7cbf04297074f36d8ab6e19e9f167a
SSDEEP

24576:b6yJMY9UFoRDhkeYM1jJR97zUbia9JVe0hs5WfBiERJchVML1bT6E7:GY9UORVOM1jJHzaiape0hsABFRJch6Lv

Score

9^/10

rezer0 upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

dcf1c76b4cb0fa5dade95544bc704ee2.exe

Resource

win7-20240221-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

dcf1c76b4cb0fa5dade95544bc704ee2.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  dcf1c76b4cb0fa5dade95544bc704ee2
- Size
  
  1.4MB
- MD5
  
  dcf1c76b4cb0fa5dade95544bc704ee2
- SHA1
  
  c3a7e2355af9688be570175b05d86dd568180a32
- SHA256
  
  2733f90b77a0b67f033a5188ca6d1a46e754dff03b5656dafb034d523e121c92
- SHA512
  
  42723a99564bedb335926c71ba2e2f0442ea31ceec25aa79cf9bf2d4fdd76f3abefa3aa834eba4c7d258cea23393aef05d7cbf04297074f36d8ab6e19e9f167a
- SSDEEP
  
  24576:b6yJMY9UFoRDhkeYM1jJR97zUbia9JVe0hs5WfBiERJchVML1bT6E7:GY9UORVOM1jJHzaiape0hsABFRJch6Lv
Score

9^/10

rezer0 upx
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy