6b7db5fad0a46c51497bdcf5c015504c50d735a169d385df1e5d6e6ca3b92a8f | Triage

Submit
Reports

Overview

overview

Static

static

6b7db5fad0...8f.exe

windows7-x64

9

6b7db5fad0...8f.exe

windows10-2004-x64

9

Sharing

General

Target

6b7db5fad0a46c51497bdcf5c015504c50d735a169d385df1e5d6e6ca3b92a8f
Size

15KB
Sample

240522-arhb8aef88
MD5

810f7433368f527d10cb141a87cd836e
SHA1

efb2c92d1608122d8593161bbe6f6513333dd26d
SHA256

6b7db5fad0a46c51497bdcf5c015504c50d735a169d385df1e5d6e6ca3b92a8f
SHA512

505daea0dd5150e8ccbf7f757d842680502b2c782bcb1fdcfa1ac7e1c5209c3ccb11ab41ce3dca9b3cf843929686ec96eb67f6402668b4749e6632ca4b8e4cdf
SSDEEP

384:IO3qdXlIQV0YXd45xuYiMcRWnPbeVGWLwbbbGxxxx7:IO3EVdV0YXd4DuicNV3X

Score

10^/10

evasion upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

6b7db5fad0a46c51497bdcf5c015504c50d735a169d385df1e5d6e6ca3b92a8f.exe

Resource

win7-20240221-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

6b7db5fad0a46c51497bdcf5c015504c50d735a169d385df1e5d6e6ca3b92a8f.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  6b7db5fad0a46c51497bdcf5c015504c50d735a169d385df1e5d6e6ca3b92a8f
- Size
  
  15KB
- MD5
  
  810f7433368f527d10cb141a87cd836e
- SHA1
  
  efb2c92d1608122d8593161bbe6f6513333dd26d
- SHA256
  
  6b7db5fad0a46c51497bdcf5c015504c50d735a169d385df1e5d6e6ca3b92a8f
- SHA512
  
  505daea0dd5150e8ccbf7f757d842680502b2c782bcb1fdcfa1ac7e1c5209c3ccb11ab41ce3dca9b3cf843929686ec96eb67f6402668b4749e6632ca4b8e4cdf
- SSDEEP
  
  384:IO3qdXlIQV0YXd45xuYiMcRWnPbeVGWLwbbbGxxxx7:IO3EVdV0YXd4DuicNV3X
Score

9^/10

evasion upx
- Detects Windows executables referencing non-Windows User-Agents
- UPX dump on OEP (original entry point)
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy