General

  • Target

    17acb056e5af5d645c7d194706b09675aaee7525a31a532b81879eecc053a95a

  • Size

    144KB

  • Sample

    240519-xrnwbsdb5y

  • MD5

    d4755bd55035a97cf04a9a5e384c6a52

  • SHA1

    ec3ff728d9f0f71aa5c41b29994e286a756704f7

  • SHA256

    17acb056e5af5d645c7d194706b09675aaee7525a31a532b81879eecc053a95a

  • SHA512

    2ed9d78bb220fddfb7e38e2cbd277c0edb9ec17f79b1d45da2c5694d9576ec75495f980693d2fc22693e44844c990f0152cae5615295b7353f8e406fd9ea1f6d

  • SSDEEP

    3072:l5SVkkgUgXC7AdYzrV+Dljy/32ubwZ/qJ:SUFCkdYzrVolu/J0Z/

Score
9/10

Malware Config

Targets

    • Target

      17acb056e5af5d645c7d194706b09675aaee7525a31a532b81879eecc053a95a

    • Size

      144KB

    • MD5

      d4755bd55035a97cf04a9a5e384c6a52

    • SHA1

      ec3ff728d9f0f71aa5c41b29994e286a756704f7

    • SHA256

      17acb056e5af5d645c7d194706b09675aaee7525a31a532b81879eecc053a95a

    • SHA512

      2ed9d78bb220fddfb7e38e2cbd277c0edb9ec17f79b1d45da2c5694d9576ec75495f980693d2fc22693e44844c990f0152cae5615295b7353f8e406fd9ea1f6d

    • SSDEEP

      3072:l5SVkkgUgXC7AdYzrV+Dljy/32ubwZ/qJ:SUFCkdYzrVolu/J0Z/

    Score
    9/10
    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15