Resubmissions

12-04-2024 13:47  240412-q3nalsdh8v  10
12-04-2024 13:47  240412-q3mn3sdh8t  10
12-04-2024 13:47  240412-q3mdbadh8s  10
12-04-2024 13:47  240412-q3lrsadh71  8
12-04-2024 13:47  240412-q3lf1sah48  8
09-04-2024 06:37  240409-hdnwvagf37  10
09-04-2024 06:36  240409-hdc5cagf32  10
09-04-2024 06:36  240409-hc3nlsgf24  8

General

  • Target: 518c488150a5d11ad06aeb133ce63696e2f3918d3c6c997f69ae8ebe9c3870e6
  • Size: 1.9MB
  • Sample: 240409-hc3nlsgf24
  • MD5: 86f2f5b1e021249025236f1c3a1935d4
  • SHA1: 4d102ec935c274bded67400a90dcd253fd57805f
  • SHA256: 518c488150a5d11ad06aeb133ce63696e2f3918d3c6c997f69ae8ebe9c3870e6
  • SHA512: 0f239c4ed770b0e03d0d0794cb3be21bcea2bc5fda5ac70ca057b92262f9c5362e98c5f672fc865a52f69c219e188a58e864ced8aa79fd127be92b1299259451
  • SSDEEP: 49152:YLEqi8ZJjjHXfcrkSzdthQO9dO/V1skL/cgNPvTsohB:YLH9DcrBT9yVjL/tRrsohB

Malware Config

Targets

    • Contacts a large (787) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks