a5a2cf98c2b3cfc7ff854aaf68e4090ead6ebbcb0f8a8702e7a310705fd1bf4c

Resubmissions

23-05-2024 01:58

240523-cdy4xshf2y 7

23-05-2024 01:54

240523-cbqprshe2w 7

29-03-2024 02:04

240329-chhyhaeg7y 8

Sharing

Copy URL

Twitter E-mail

General

Target

16302756437.zip
Size

22.8MB
Sample

240329-chhyhaeg7y
MD5

1bfc3be6a9e95424b45ad746796366be
SHA1

cd771dacbb571137bd1421a93583235cc7b621ec
SHA256

a5a2cf98c2b3cfc7ff854aaf68e4090ead6ebbcb0f8a8702e7a310705fd1bf4c
SHA512

16dffa1f5209804ee79ce1079cf5b3cb9776bbaa44df6b4cea2b0e5881233fb6eca28df2e5d775bcc54b31b1e4dff1879387e0b91260d42a9411545a597682f1
SSDEEP

393216:JjsymbG1yqe57JlZS/KXHm3FgKqVqUHCpGC3X9thNQN/ES+2xHfDm3cBoEZWkP:JjPmSU957j/3HLuXU5+QHrawt

Score

8^/10

evasion upx

Malware Config

Targets

- Target
  
  5cba18cec813dda56d285653b61653dc3df7e3ac24ca8d8d4e4d4fb7707dc37f
- Size
  
  23.1MB
- MD5
  
  8732f7f7940028fed948bf5e0065a609
- SHA1
  
  430ff61efa0e21f942fd46db6706dd792b086f45
- SHA256
  
  5cba18cec813dda56d285653b61653dc3df7e3ac24ca8d8d4e4d4fb7707dc37f
- SHA512
  
  50c4035a08b455b06a85362a82cafb722a5f08dddc85876c3d28f0559d72d36373e273125c23a2e7951bc15a0ad0b8d117df0032797a8c527c40e1505205f271
- SSDEEP
  
  393216:WUyLY6aTqS6jd+y3PjYyaRlPofnk40RR12NW3oz6KSaAppfWfl9WMz3hzpf70ENI:PwCqXd3Pjpulg/k9R+Y3G1LaFWVz3xRS
Score

8^/10

upx evasion
- Modifies Windows Firewall
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Modifies Windows Firewall

ACProtect 1.3x - 1.4x DLL software

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2