Overview

overview

8

Static

static

3

bf711a8041...a6.exe

windows11-21h2-x64

8

bf711a8041...a6.exe

windows7-x64

8

bf711a8041...a6.exe

windows10-1703-x64

7

bf711a8041...a6.exe

windows10-2004-x64

7

bf711a8041...a6.exe

windows11-21h2-x64

7

Resubmissions

26/04/2024, 07:57

240426-jtn28acb7z 7

26/04/2024, 07:57

240426-jtm5xscc35 7

26/04/2024, 07:57

240426-jtmjdscc34 7

26/04/2024, 07:57

240426-jtlxvscc33 7

26/04/2024, 07:57

240426-jtll4acc32 7

25/04/2024, 13:12

240425-qff8saba5x 8

Sharing

Copy URL Twitter E-mail

General

  • Target

    bf711a804180be42b3e783997bc96c0b57e55a84c8fb9c91b8f85356d16d66a6

  • Size

    1.8MB

  • Sample

    240425-qff8saba5x

  • MD5

    a5373af0c48a42a8ba50434e68766ba9

  • SHA1

    40e532e24c32a1f68d127f0598c96cf5e03af00f

  • SHA256

    bf711a804180be42b3e783997bc96c0b57e55a84c8fb9c91b8f85356d16d66a6

  • SHA512

    a526c9d6797af5c6071bfb60b0b9cc540e08ac7af9ac16d977dd86bfd81e3013fb6cf763f3397b8be3d03ac02013045d2761c956c4687b270e105fd2b2065ebf

  • SSDEEP

    49152:lsE6hiwv8oNhqbOpn1jJz5eRY4YSl+COVA:G1hF1CkFwRY4YSkCO

Score
8/10
discoverypersistenceupx

Malware Config

Targets

    • Target

      bf711a804180be42b3e783997bc96c0b57e55a84c8fb9c91b8f85356d16d66a6

    • Size

      1.8MB

    • MD5

      a5373af0c48a42a8ba50434e68766ba9

    • SHA1

      40e532e24c32a1f68d127f0598c96cf5e03af00f

    • SHA256

      bf711a804180be42b3e783997bc96c0b57e55a84c8fb9c91b8f85356d16d66a6

    • SHA512

      a526c9d6797af5c6071bfb60b0b9cc540e08ac7af9ac16d977dd86bfd81e3013fb6cf763f3397b8be3d03ac02013045d2761c956c4687b270e105fd2b2065ebf

    • SSDEEP

      49152:lsE6hiwv8oNhqbOpn1jJz5eRY4YSl+COVA:G1hF1CkFwRY4YSkCO

    Score
    8/10
    discoverypersistenceupx

    • Contacts a large (811) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4behavioral5

MITRE ATT&CK Enterprise v15

Tasks