General

  • Target

    ddba039d2e645602626e09ac9b6a305edadd56464966419d09f33d3b0a793d95

  • Size

    15KB

  • Sample

    240614-flc37szcqp

  • MD5

    7d3ce280b5a48f346dbcb0ece9df73c0

  • SHA1

    8eed6486ffe3acdae7140e9b57ee190cab80698d

  • SHA256

    ddba039d2e645602626e09ac9b6a305edadd56464966419d09f33d3b0a793d95

  • SHA512

    8a29c57f3c3c595a75e88a712b0c1aa6d344a42b9edc4c48ff33de968260abcb8b89818179ce4c62c511638407eb744dd21521b1916be6a02ba212282e1a834d

  • SSDEEP

    384:IO3qdXlIQV0YXd45xuYiMcRWnPbeVGWLD:IO3EVdV0YXd4DuicNV3f

Score
10/10

Malware Config

Targets

    Score
    9/10
    • Detects Windows executables referencing non-Windows User-Agents

    • UPX dump on OEP (original entry point)

    • Sets file to hidden

      Modifies file attributes so the file is hidden from Explorer and from default directory listings.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
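
Two of the signatures above, the UPX check and the non-Windows User-Agent check, are static and can be reproduced locally before a sample ever reaches a sandbox. The script below is an added example, not the sandbox's rule logic and not code taken from this report. It walks the PE section table by hand, flags stock-UPX section names and the "UPX!" pack-header marker, and scans for User-Agent strings that do not claim to be Windows. The product list in the User-Agent regex and the marker heuristic are assumptions about how such a rule works; the two PE blobs are constructed inline for the demonstration and are not the sample hashed in the report header.

```python
"""Static triage of a PE file for two signatures: UPX packing and non-Windows User-Agents."""
import hashlib
import re
import struct
import sys

PE_SIGNATURE = b"PE\0\0"
SECTION_HEADER_SIZE = 40                        # IMAGE_SECTION_HEADER is 40 bytes
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}  # names stock UPX writes
UPX_MARKER = b"UPX!"                            # magic at the start of the UPX pack header
# Assumption: a UA string starts with one of these products; the sandbox's own rule is not public here.
UA_RE = re.compile(rb"(?:Mozilla|Opera|curl|Wget|python-requests)/[\x20-\x7e]{3,150}")


def parse_sections(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table (PE/COFF spec layout)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_header_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_header_size      # 4 (signature) + 20 (COFF) + optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + i * SECTION_HEADER_SIZE)
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "virtual_address": vaddr, "raw_size": raw_size, "raw_ptr": raw_ptr})
    return sections


def is_upx_packed(data: bytes) -> bool:
    """Stock UPX leaves UPX0/UPX1 section names and a 'UPX!' marker. A modified build
    can rename or strip both, so a negative here is weak evidence; an OEP dump settles it."""
    names = {s["name"] for s in parse_sections(data)}
    return bool(names & UPX_SECTION_NAMES) or UPX_MARKER in data


def find_non_windows_user_agents(data: bytes) -> list:
    """Return printable UA-looking strings that do not claim to be Windows."""
    return [m.group(0).decode("ascii") for m in UA_RE.finditer(data)
            if b"Windows" not in m.group(0)]


def file_hashes(data: bytes) -> dict:
    """Same digest set the report header lists, for matching a local copy against it."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def triage(data: bytes) -> dict:
    return {"hashes": file_hashes(data),
            "sections": [s["name"].decode("latin-1") for s in parse_sections(data)],
            "upx_packed": is_upx_packed(data),
            "non_windows_user_agents": find_non_windows_user_agents(data)}


def build_pe(section_names, payload: bytes) -> bytes:
    """Constructed test input: minimal DOS header + PE header + section table + trailing bytes.
    It is NOT the sample from the report and is not a loadable executable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew: PE header follows DOS header
    opt_header_size = 224                                       # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_header_size, 0x0102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1),
                                 0x200, 0x400 * (i + 1), 0, 0, 0, 0, 0x60000020)
                     for i, name in enumerate(section_names))
    return bytes(dos) + PE_SIGNATURE + coff + bytes(opt_header_size) + table + payload


# Constructed samples: one shaped like stock-UPX output, one like a plain build.
PACKED_SAMPLE = build_pe([b"UPX0", b"UPX1", b".rsrc"],
                         UPX_MARKER + b"\r\t\r\n" + b"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\0")
CLEAN_SAMPLE = build_pe([b".text", b".rdata", b".data"],
                        b"Mozilla/5.0 (Windows NT 10.0; Win64; x64)\0")

if __name__ == "__main__":
    # Usage: python pe_triage.py [file.exe]; with no argument it triages the constructed packed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else PACKED_SAMPLE
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it against a real file to compare the digests with the report header and to see which of the two static signals fire. Because the report's own wording allows for a modified UPX build, treat a clean section table as inconclusive and rely on the unpacked memory dump taken at the original entry point for the real strings and imports.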

MITRE ATT&CK Enterprise v15