Overview

overview

9

Static

static

1

21200445bf...54.exe

windows7-x64

9

21200445bf...54.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    21200445bfaf5f9cb344d7f59a7eb7e2b0eb81c82f9fb6d112f15a337a712e54

  • Size

    279KB

  • Sample

    240422-yf6sfafc79

  • MD5

    df04bfd9315eef237bee1875de978f67

  • SHA1

    ab3e27e124ec370dd9caf8857c62a4218174159d

  • SHA256

    21200445bfaf5f9cb344d7f59a7eb7e2b0eb81c82f9fb6d112f15a337a712e54

  • SHA512

    a34634e8df7b6672860125560a483d42613ed21c95f17344cd2e02f920a08ed93f563a41e6a56d2b9ea3275dddb3d1182a5bba439110594ad1026efee2ecdcb3

  • SSDEEP

    6144:CxpOgDPdkBAFZWaadD4s5Ls2jMR41LVyyQBV+UdvrEFp7hKgQzaP:CxpOgLdaFZjpVy7BjvrEH7LQzm

Score
9/10
persistenceupx

Malware Config

Targets

    • Target

      21200445bfaf5f9cb344d7f59a7eb7e2b0eb81c82f9fb6d112f15a337a712e54

    • Size

      279KB

    • MD5

      df04bfd9315eef237bee1875de978f67

    • SHA1

      ab3e27e124ec370dd9caf8857c62a4218174159d

    • SHA256

      21200445bfaf5f9cb344d7f59a7eb7e2b0eb81c82f9fb6d112f15a337a712e54

    • SHA512

      a34634e8df7b6672860125560a483d42613ed21c95f17344cd2e02f920a08ed93f563a41e6a56d2b9ea3275dddb3d1182a5bba439110594ad1026efee2ecdcb3

    • SSDEEP

      6144:CxpOgDPdkBAFZWaadD4s5Ls2jMR41LVyyQBV+UdvrEFp7hKgQzaP:CxpOgLdaFZjpVy7BjvrEH7LQzm

    Score
    9/10
    persistenceupx

    • UPX dump on OEP (original entry point)

    • Modifies AppInit DLL entries

      persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks