General

  • Target

    50f2c72e8e901b9c500f1cedaa5d03237d8de584fb6d7361db1dc11279abb2ae

  • Size

    1.8MB

  • Sample

    240325-xjbwssfg74

  • MD5

    f9a94cde16be5d0cf2d7deeef98085fe

  • SHA1

    1c010b6d206d3d59fcdc7ed17d5259ffb6ba7dd5

  • SHA256

    50f2c72e8e901b9c500f1cedaa5d03237d8de584fb6d7361db1dc11279abb2ae

  • SHA512

    ee3f02b0097659caa84db07c530f055d616f0fbbe56f15086014fdcde5728475a01cc129c3dfdaacbd948729f12f1db4d894bd0d22e619791557693ca8e0d30d

  • SSDEEP

    49152:RNMqQ0kwonLVkZep9nWrPWwONrRoODiGgDWAg2CPaSAnYvJW3BTSXff6YNQVWIPw:RiqQ0kwonLVkZep9nWrPWwONrRoODiGX

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Modifies firewall policy service

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15