Overview

overview

7

Static

static

7

0b9b63fcda...AS.exe

windows7-x64

7

0b9b63fcda...AS.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    0b9b63fcdab01932cb9ad77f1315da50_NEAS

  • Size

    304KB

  • Sample

    240507-kekxpage6y

  • MD5

    0b9b63fcdab01932cb9ad77f1315da50

  • SHA1

    37b2ff866f4698db8061f30a35d3bb4d386d58d0

  • SHA256

    06a6349c014d0272599509295273e678941bd45b5d4641cbef686ba2bc67f592

  • SHA512

    93417dde07b56a8d372121eb980c6bbcf5385b14c89981fa33d31d9053de24477c94844f7efe3b0ba6aa9bcf73a323a3c08aacfffd7d183150b69d57da4e547f

  • SSDEEP

    3072:ZA5SVkkgUWip7mUC7AdYzrV+Dljy/32ubwZZqJ:ZPUgxCkdYzrVolu/J0ZZ

Score
7/10
persistenceupx

Malware Config

Targets

    • Target

      0b9b63fcdab01932cb9ad77f1315da50_NEAS

    • Size

      304KB

    • MD5

      0b9b63fcdab01932cb9ad77f1315da50

    • SHA1

      37b2ff866f4698db8061f30a35d3bb4d386d58d0

    • SHA256

      06a6349c014d0272599509295273e678941bd45b5d4641cbef686ba2bc67f592

    • SHA512

      93417dde07b56a8d372121eb980c6bbcf5385b14c89981fa33d31d9053de24477c94844f7efe3b0ba6aa9bcf73a323a3c08aacfffd7d183150b69d57da4e547f

    • SSDEEP

      3072:ZA5SVkkgUWip7mUC7AdYzrV+Dljy/32ubwZZqJ:ZPUgxCkdYzrVolu/J0ZZ

    Score
    7/10
    persistenceupx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks