Overview

overview

8

Static

static

3

c4f00ad34b...9a.exe

windows7-x64

8

c4f00ad34b...9a.exe

windows7-x64

7

c4f00ad34b...9a.exe

windows10-1703-x64

8

c4f00ad34b...9a.exe

windows10-2004-x64

8

c4f00ad34b...9a.exe

windows11-21h2-x64

7

Resubmissions

26/04/2024, 07:25

240426-h847babf2x 8

26/04/2024, 07:25

240426-h84wjsbf2w 10

26/04/2024, 07:25

240426-h815nabf2s 8

26/04/2024, 07:25

240426-h81h5abe91 10

26/04/2024, 07:25

240426-h8za3abe9x 7

25/04/2024, 13:12

240425-qfq3zsba6t 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4f00ad34b1347583b292acacbca0ee00e9dd594519e26f22da895ecf6002b9a

  • Size

    1.9MB

  • Sample

    240425-qfq3zsba6t

  • MD5

    15184ed11b2354eda1f1787dcbbcf04a

  • SHA1

    f21cfdfdb3d6be8054cd9b5f21ac39ef2ec28011

  • SHA256

    c4f00ad34b1347583b292acacbca0ee00e9dd594519e26f22da895ecf6002b9a

  • SHA512

    1fa8bfb44652654cb0fc72c793ddd4431a1ee293b326fae7d4095bde00cd4717cd5cdcffaaba8cdccb43e5bceae19574661caca4e8011b0d22c67ab34ce761ab

  • SSDEEP

    49152:S3fAWuVHSdrO+tzwZHkr+8d3OCWwhdGshy5N7gQwgY9P:S3fAWubyzn7+3whNw7wg

Score
8/10
discoverypersistenceupx

Malware Config

Targets

    • Target

      c4f00ad34b1347583b292acacbca0ee00e9dd594519e26f22da895ecf6002b9a

    • Size

      1.9MB

    • MD5

      15184ed11b2354eda1f1787dcbbcf04a

    • SHA1

      f21cfdfdb3d6be8054cd9b5f21ac39ef2ec28011

    • SHA256

      c4f00ad34b1347583b292acacbca0ee00e9dd594519e26f22da895ecf6002b9a

    • SHA512

      1fa8bfb44652654cb0fc72c793ddd4431a1ee293b326fae7d4095bde00cd4717cd5cdcffaaba8cdccb43e5bceae19574661caca4e8011b0d22c67ab34ce761ab

    • SSDEEP

      49152:S3fAWuVHSdrO+tzwZHkr+8d3OCWwhdGshy5N7gQwgY9P:S3fAWubyzn7+3whNw7wg

    Score
    8/10
    discoverypersistenceupx

    • Contacts a large (732) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3behavioral4behavioral5

MITRE ATT&CK Enterprise v15

Tasks