General

  • Target

    43fd820f3c11bc274a0b82fc5858656a6b3aeec2ae692b1a36c991ec86703139

  • Size

    549KB

  • Sample

    240610-z96j7s1brd

  • MD5

    1d30f028a1df29377d0232814c1b8e31

  • SHA1

    cb42ad704d8beb85ab281648d6598e1a4ccf97a7

  • SHA256

    43fd820f3c11bc274a0b82fc5858656a6b3aeec2ae692b1a36c991ec86703139

  • SHA512

    325f4ca7bc374e26d3e24fbcb6d16452de77287cd656f7b9504d3f52e2617f69b5c87657a81ef1eeba0b92469efb0a06046068abb066895d7ab4de17fa81646e

  • SSDEEP

    6144:DP+P9AnkP+cUrymNMMMM7HA3KKRMOYa7J8d4kYpF3I9dEi9Ku8hqiu:DP+P9AnkwryWWy2KKu9Bx+xidEK8hqf

  • Score

    10/10

  • Tags

    upx

Malware Config

Targets

    • Score

      9/10

    Signatures

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Blocklisted process makes network request

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of fixed drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks