General

  • Target

    Image_logger.zip

  • Size

    7.5MB

  • Sample

    240511-md5xksfc26

  • MD5

    a7d128dcbdb1b8066cd728a2cb7b7fd3

  • SHA1

    79e9bcb321d8561be0553e38355fdaec70f7c4fa

  • SHA256

    f5b86b39ea504f53057e39de577fa8f3ec35cd89341604914aa01c1bb80fe771

  • SHA512

    9ac43372b0d721d3dc2a5768a959b70dbb16156f7e4d675fb5cb15ede85e80e2583c26d3882fd6ea62853c272317a26e85ce95866625b9b5b941579431317cd5

  • SSDEEP

    196608:be5Rym5scyrNROXQxE3fjRC+D3owHwjeu:be5Imr4OxPjJowHwjeu

  • Score

    8/10

Malware Config

Targets

    • Target

      Image logger/Imagelogger.png.exe

    • Size

      7.8MB

    • MD5

      94f4491e716e038069a1a47802c6ccb1

    • SHA1

      9415709b1b9d8148ec22dd8d03d3e0ddc75e7ad1

    • SHA256

      c426c4c9652f014060f3a4c6f700c2abc27190402a81126cf9a11ca6d5bf7bdb

    • SHA512

      19a7b17d1e38ab68f6f63d3478d2154f5ee13acfb278eb00f7496e4248adac3b1e68ab1f7aa308ba056e259e936dd5fc38373c6bbea142279f8e4dc9ddf54037

    • SSDEEP

      196608:33G7tP2OF024LBHAn6xQTRPR4UV5Eyj8Fy6:AtuOnyA51PjEyj8Fy6

    • Score

      8/10

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks