General

  • Target

    3389484b110020f3b33032e104a6eb6296b4a08ef8d175723512b06388e73ca1

  • Size

    676KB

  • Sample

    240513-yv4xdsce76

  • MD5

    5b3b3de1e73231f7eb516e84ea37dd16

  • SHA1

    b035c59982264b3e99e785fdfb442ab5427b303e

  • SHA256

    3389484b110020f3b33032e104a6eb6296b4a08ef8d175723512b06388e73ca1

  • SHA512

    7ffeddee01a94ba51bdb75d4b372a331b65e5412c4411c73dc21c2d992137b974eaefd5edca98bda597a3721b2939cac9b88fbca40d172a64bae0c5c79d953f1

  • SSDEEP

    12288:9kiL11aPKT1F5Vs+TVonB7krqRTUWfIVzJVUYMiGx/OHWtWOaC:9ki+PKT1F5S7BgORTWJOXBSC

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks