General

  • Target

    a5a84a3e8523ebbb295f4c3b7e6208c4844ec67ff5a51d8ff3acca5c6bb73188

  • Size

    67KB

  • Sample

    240611-bwz89syeqd

  • MD5

    8db0891f8f6a85f507ffaa977bf8d706

  • SHA1

    e050c27d1d73adf6ff97e7a2257448076af09555

  • SHA256

    a5a84a3e8523ebbb295f4c3b7e6208c4844ec67ff5a51d8ff3acca5c6bb73188

  • SHA512

    d79b198edf39e5db8410253595238a2be7e4a1f964388a92b228f60a493b9eeb91c4fbb899107cbeabcecb45488040616ebf767c67f63e9fe12969eef58bbf8e

  • SSDEEP

    768:ua4r+PpHfXGLOnNh8noR+Dk6SLhmVGj3y6SLhmVGj36/:2r+Fuc5LhmkjC5LhmkjY

Score
10/10
upx

Malware Config

Targets

    Score
    9/10
    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops desktop.ini file(s)

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks