General

  • Target: oxc.msi
  • Size: 3.4MB
  • Sample: 240521-x51r2sga51
  • MD5: 40c8f00e385ac378fca3fbe93f53fcb9
  • SHA1: 30ff539ea5e9eb4a34fcb127ad539e438d0b8a0d
  • SHA256: cf5616011dc747e4d3da097801835b55eb4cd52ff69036b5737bc8b7dc6a2e99
  • SHA512: 10f3e718d5d2f0bf308f2f97d380362fa638b23ae600b473d695191962b56d57ec8bc648d32f8f4146fca8a0b82bf946d3f1c3a74f685fd03c706fdb78a27c6e
  • SSDEEP: 98304:ZpqE1IODrPVltIAIrjOrugQekmM5gNRabU7s:6wrP6Hyrubr5

Malware Config

Targets

    • Modifies file permissions

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks