General

  • Target

    2a25e42aadccedc4589fec26d46f3c98fbd9368561952d386e6b80c592770abc

  • Size

    102KB

  • Sample

    240531-yr1qkabd51

  • MD5

    12fec7bccf4056d35aee966085764c93

  • SHA1

    0fe4c017095fe5443949dd452de5fd47c116a04c

  • SHA256

    2a25e42aadccedc4589fec26d46f3c98fbd9368561952d386e6b80c592770abc

  • SHA512

    950b25f81a4af1cc6eecafc5a5e6d1071bb58df484309464ef3395a4a91f0db3594c0da74dd025af7a752d4074a96fdefecc4935873c38ca2b65e81ed124a682

  • SSDEEP

    3072:xFphTfm1UC7AdYzrV+Dljy/32ubwZZqJ:FhTfmuCkdYzrVolu/J0ZZ

Score
10/10

Malware Config

Targets

    • Target

      2a25e42aadccedc4589fec26d46f3c98fbd9368561952d386e6b80c592770abc

    • Size

      102KB

    • MD5

      12fec7bccf4056d35aee966085764c93

    • SHA1

      0fe4c017095fe5443949dd452de5fd47c116a04c

    • SHA256

      2a25e42aadccedc4589fec26d46f3c98fbd9368561952d386e6b80c592770abc

    • SHA512

      950b25f81a4af1cc6eecafc5a5e6d1071bb58df484309464ef3395a4a91f0db3594c0da74dd025af7a752d4074a96fdefecc4935873c38ca2b65e81ed124a682

    • SSDEEP

      3072:xFphTfm1UC7AdYzrV+Dljy/32ubwZZqJ:FhTfmuCkdYzrVolu/J0ZZ

    Score
    9/10
    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
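
    A small triage helper, added here as an example and not part of the sandbox report: it checks a file against the MD5/SHA1/SHA256/SHA512 values listed above and applies the section-name heuristic that underlies the "UPX packed file" signature. The PE section-table reader is a deliberately minimal, assumption-labelled parser (it reads only the fields needed to find section names), and the PE-shaped test input is constructed, not the sample.

```python
"""Triage helper: match a file against the IOC hashes from this report and
apply the UPX-section heuristic behind the "UPX packed file" signature.

Added example, not part of the sandbox report. The hash values are the ones
listed in the report; the PE parsing is a minimal, assumption-labelled reader
of the section table (enough to read section names, nothing more).
"""
import hashlib
import struct

# Hashes copied from the report's General section.
REPORT_IOCS = {
    "md5": "12fec7bccf4056d35aee966085764c93",
    "sha1": "0fe4c017095fe5443949dd452de5fd47c116a04c",
    "sha256": "2a25e42aadccedc4589fec26d46f3c98fbd9368561952d386e6b80c592770abc",
    "sha512": "950b25f81a4af1cc6eecafc5a5e6d1071bb58df484309464ef3395a4a91f0db3"
              "594c0da74dd025af7a752d4074a96fdefecc4935873c38ca2b65e81ed124a682",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the four hash types the report lists for a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def matches_report(data: bytes) -> bool:
    """True when all four hashes match the report's IOCs (requiring all four
    means a single transcription error cannot produce a false match)."""
    return hash_bytes(data) == REPORT_IOCS


def pe_section_names(data: bytes) -> list:
    """Return section names from a PE image, or [] if it is not a valid PE.
    Assumption: minimal parser, reading only e_lfanew, the PE signature,
    NumberOfSections, SizeOfOptionalHeader and the 40-byte section entries."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_hdr_size
    names = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            break  # truncated section table: keep what was readable
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind the "UPX packed file" signature: stock UPX names its
    sections UPX0/UPX1 (and UPX2). Modified builds often rename them, so a
    negative result here does not prove the file is unpacked."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Construct a minimal PE-shaped blob (constructed test input, not malware):
    DOS header with e_lfanew, PE signature, 20-byte COFF header, no optional
    header, then one 40-byte section entry per name."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, opt hdr size=0, flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


def triage(data: bytes) -> dict:
    """Summarise the two checks for one file's bytes."""
    return {"ioc_match": matches_report(data), "upx_sections": looks_upx_packed(data)}


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(triage(fh.read()))
```

    Run it as `python triage.py <file>`. The UPX check only reads section names; it is a hint for where to look (for example before attempting a dump at the OEP), not a verdict, and a renamed-section build of UPX will not trip it.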

MITRE ATT&CK Enterprise v15

Tasks