Resubmissions

The same file was submitted to the sandbox several times. Dates are day/month/year; each entry gives the submission time, the analysis ID and the score the sandbox assigned to that run. The score varies between 7 and 10 across runs of one and the same file, so a single run's score should be read with that spread in mind.

  Submitted            Analysis ID          Score
  12/04/2024, 14:12    240412-rjbyxaba69    10
  12/04/2024, 13:53    240412-q61p4sea2y     8
  12/04/2024, 13:52    240412-q6cy2sea2v     7   (the run this page reports)
  12/04/2024, 13:51    240412-q6cchsea2s    10
  12/04/2024, 13:51    240412-q6b2raah72    10
  09/04/2024, 06:39    240409-heygnsca4y     8
  09/04/2024, 06:39    240409-hern5agf52     8
  09/04/2024, 06:38    240409-heg5pagf47    10
  09/04/2024, 06:38    240409-hebmxagf45     8
  18/12/2023, 04:48    231218-fe484sadc4    10

General

  • Target

    0e0f1e9b6ef23a6f9a81442521969df413664441c8da9c0de75395827d61763b

  • Size

    1.9MB

  • Sample

    240412-q6cy2sea2v

  • MD5

    1543d5f2bf658fb837d5aabf4c81d6c1

  • SHA1

    f7d25bba549095a63e75174a6318aae83fca1326

  • SHA256

    0e0f1e9b6ef23a6f9a81442521969df413664441c8da9c0de75395827d61763b

  • SHA512

    569d08943cf4e12a0f87d01760f8aa60cf20cb846f49724ee827585f6670f33f3dc3e088e453ec2bb9f490b66d1a16153c435d9f7cb9ffab98cf23c481227e36

  • SSDEEP

    49152:gWRJu3Kbha03xUDhZSG5JgFCDT72+yZR64ooyHWUUz7fY0vE:gdU/WDhc7FNZR/h3

Malware Config

Targets

    • Target

      0e0f1e9b6ef23a6f9a81442521969df413664441c8da9c0de75395827d61763b

      (size and hashes as listed under General above)

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer. Packing is not malicious by itself, but it hides the real code from static scanning; stock UPX can be undone with upx -d, whereas a modified build usually cannot and has to be dumped from memory after it has unpacked itself.

    • Adds Run key to start application

      Persistence through a value under a Software\Microsoft\Windows\CurrentVersion\Run key (HKCU or HKLM), which relaunches the program at logon (ATT&CK T1547.001). The signature does not name the key or value that was written.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services. The count alone does not settle it: flows fanning out across many destination hosts or ports point to scanning, while many flows to the same host and port are more likely beaconing or retries.

    • Legitimate hosting services abused for malware hosting/C2

      Payload or command traffic goes to a legitimate, widely used service (ATT&CK T1102), so it blends in with normal traffic; the specific hostnames or URLs contacted, not the service itself, are the indicators to extract.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (usually suspended) thread. Together with a process created in a suspended state and WriteProcessMemory it is the classic sequence for process hollowing or thread execution hijacking (ATT&CK T1055.012 / T1055.003).
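Before analysing a file against a report like this one, confirm that the file on disk is the same sample (all four listed digests match) and reproduce the cheapest of the listed signatures, the UPX check, by reading the PE section table directly. The following is an added example, not code from the sandbox or from the page; it uses only the Python standard library. The digests are the ones printed under General; the minimal PE builder and the section names it is fed are constructed here so the example runs offline without a real sample, and the two UPX tells it looks for (UPX0/UPX1 section names and the "UPX!" marker) are what a stock UPX build leaves behind, which a modified build can rename or strip.

```python
import hashlib
import struct
from typing import Dict, List

# Digests as printed in the report's General section.
REPORT_HASHES = {
    "md5": "1543d5f2bf658fb837d5aabf4c81d6c1",
    "sha1": "f7d25bba549095a63e75174a6318aae83fca1326",
    "sha256": "0e0f1e9b6ef23a6f9a81442521969df413664441c8da9c0de75395827d61763b",
    "sha512": "569d08943cf4e12a0f87d01760f8aa60cf20cb846f49724ee827585f6670f33f3dc3e088e453ec2bb9f490b66d1a16153c435d9f7cb9ffab98cf23c481227e36",
}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists (ssdeep needs a third-party module and is left out)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm comparison; every entry must be True before the report is trusted for this file."""
    actual = digest_bytes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def pe_section_names(data: bytes) -> List[str]:
    """Walk the PE headers by hand and return the section names (no pefile dependency)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4) PointerToSymbolTable(4)
    #              NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional
    names = []
    for i in range(number_of_sections):
        raw = data[table + i * 40: table + i * 40 + 8]  # IMAGE_SECTION_HEADER.Name, 8 bytes
        names.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> Dict[str, bool]:
    """Two cheap stock-UPX tells. A modified UPX build can rename the sections and strip the marker."""
    names = pe_section_names(data)
    return {
        "upx_sections": any(n.startswith("UPX") for n in names),
        "upx_marker": b"UPX!" in data,
    }


def build_fake_pe(section_names: List[str], trailer: bytes = b"") -> bytes:
    """Constructed minimal PE (DOS stub, COFF header, empty section headers) so the example runs without a sample."""
    dos_header = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C points to 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)  # SizeOfOptionalHeader = 0
    sections = b"".join(n.encode("ascii").ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos_header + b"PE\x00\x00" + coff + sections + trailer


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_fake_pe(["UPX0", "UPX1", ".rsrc"], b"UPX!")
    print("hash match:", matches_report(data))
    print("sections:", pe_section_names(data))
    print("UPX indicators:", upx_indicators(data))
```

Run it with the path of the file you hold; without an argument it runs on the constructed PE, whose digests of course do not match the report. A file that matches the report but shows neither UPX tell is still consistent with the signature: "modified UPX" means exactly that the section names and marker have been altered, so treat the two indicators as sufficient, not necessary.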

MITRE ATT&CK Enterprise v15

Tasks