e5111f675fbcb70b933d164b1a42c8996a5bad385247c66ad4a16a0ac3d9cf6a | Triage

Submit
Reports

Overview

overview

9

Static

static

5

e5111f675f...6a.exe

windows7-x64

9

e5111f675f...6a.exe

windows10-2004-x64

9

Sharing

General

Target

e5111f675fbcb70b933d164b1a42c8996a5bad385247c66ad4a16a0ac3d9cf6a.exe
Size

4.3MB
Sample

240523-cmermsac56
MD5

151bbb9dc3b4b8a39a5ee35695994d2c
SHA1

5437504233190f8f972a6d1725622e77cfc011aa
SHA256

e5111f675fbcb70b933d164b1a42c8996a5bad385247c66ad4a16a0ac3d9cf6a
SHA512

1292a586f10f52c9e393fee09ac56d33107599330230ba0f571189fc2a8d2caa411f818c37a3cd661f13882bdd747369520c1707412141a29de81eaf0e2e4e66
SSDEEP

98304:TJnZwyJZJBZnGirmQw+jYnMmu1g/dgh9GOYWe6CK/crK/c:TJWyrvZnGqhvk01g/dqGOze6Cfrf

Score

9^/10

upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e5111f675fbcb70b933d164b1a42c8996a5bad385247c66ad4a16a0ac3d9cf6a.exe

Resource

win7-20240508-en

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

e5111f675fbcb70b933d164b1a42c8996a5bad385247c66ad4a16a0ac3d9cf6a.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  e5111f675fbcb70b933d164b1a42c8996a5bad385247c66ad4a16a0ac3d9cf6a.exe
- Size
  
  4.3MB
- MD5
  
  151bbb9dc3b4b8a39a5ee35695994d2c
- SHA1
  
  5437504233190f8f972a6d1725622e77cfc011aa
- SHA256
  
  e5111f675fbcb70b933d164b1a42c8996a5bad385247c66ad4a16a0ac3d9cf6a
- SHA512
  
  1292a586f10f52c9e393fee09ac56d33107599330230ba0f571189fc2a8d2caa411f818c37a3cd661f13882bdd747369520c1707412141a29de81eaf0e2e4e66
- SSDEEP
  
  98304:TJnZwyJZJBZnGirmQw+jYnMmu1g/dgh9GOYWe6CK/crK/c:TJWyrvZnGqhvk01g/dqGOze6Cfrf
Score

9^/10

upx
- Detects executables containing URLs to raw contents of a Github gist
- UPX dump on OEP (original entry point)
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy