Overview

overview

8

Static

static

3

07b2944da0...a8.exe

windows7-x64

8

07b2944da0...a8.exe

windows10-1703-x64

8

07b2944da0...a8.exe

windows10-2004-x64

7

07b2944da0...a8.exe

windows11-21h2-x64

7

Resubmissions

09/04/2024, 10:01

240409-l2cehacb92 7

09/04/2024, 10:01

240409-l16xqacb87 8

09/04/2024, 10:00

240409-l16a7afe31 9

09/04/2024, 10:00

240409-l151esfe3z 8

02/02/2024, 03:32

240202-d3q1aacge5 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    07b2944da083c2d739d187b1b564f355a42154c0a9ad8eb8aa0767d283f431a8

  • Size

    1.9MB

  • Sample

    240409-l151esfe3z

  • MD5

    fec37d48f184bc1d09ce85e2ce417aab

  • SHA1

    dc3d58d79ba2e72ed78acb260cd70ef6a04ee3d8

  • SHA256

    07b2944da083c2d739d187b1b564f355a42154c0a9ad8eb8aa0767d283f431a8

  • SHA512

    ce9e0f2abc1378c450893ceeb1346218a951c70276732e1a9b54995b897d4b43798e074e722b360581402112548976d09417df0498c6dbc17a0e72e44cef0dbb

  • SSDEEP

    49152:R5jTWFcRVUjH+9T7louxwP9UY2s1i5+tZPW2MpryeUUs:R5jxwe9FqOY2s1TPW2KryO

Score
8/10
discoverypersistenceupx

Malware Config

Targets

    • Target

      07b2944da083c2d739d187b1b564f355a42154c0a9ad8eb8aa0767d283f431a8

    • Size

      1.9MB

    • MD5

      fec37d48f184bc1d09ce85e2ce417aab

    • SHA1

      dc3d58d79ba2e72ed78acb260cd70ef6a04ee3d8

    • SHA256

      07b2944da083c2d739d187b1b564f355a42154c0a9ad8eb8aa0767d283f431a8

    • SHA512

      ce9e0f2abc1378c450893ceeb1346218a951c70276732e1a9b54995b897d4b43798e074e722b360581402112548976d09417df0498c6dbc17a0e72e44cef0dbb

    • SSDEEP

      49152:R5jTWFcRVUjH+9T7louxwP9UY2s1i5+tZPW2MpryeUUs:R5jxwe9FqOY2s1TPW2KryO

    Score
    8/10
    discoverypersistenceupx

    • Contacts a large (730) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks