General

  • Target

    5b21389d0ba14359062ed7c624cfceb142814a2a7296bfb48025041fa166df3b

  • Size

    8.1MB

  • Sample

    240701-vr6p2azcrf

  • MD5

    ed5d9aa4b202d78802c8fd75227d4c0d

  • SHA1

    7fd1bb481468025e300d0c01c4ec209f6fd5245b

  • SHA256

    5b21389d0ba14359062ed7c624cfceb142814a2a7296bfb48025041fa166df3b

  • SHA512

    68caf809783ab345934b1dd62ee87eec3ec58f646f61646b2cd6fbcb7f4ff790adecd87ab602d199c648ffc558149063a7ee70adaf6cfa0df0bbd5f9433c8855

  • SSDEEP

    196608:+B8TzwSwVgmODje+ij42yLgVuWNUDjKG+m10VXpDi:K8TkS3mODSj42ycVrNttO0VQ

Score
8/10
upx

Targets

    • Target

      BACKUP_Tools20h2.exe

    • Size

      8.2MB

    • MD5

      dcc902f7e63d513c373f2772c0f37296

    • SHA1

      f4007377ea9383d3dcb39e48b416b82b4b4bca95

    • SHA256

      d7acc6749510f234edd24f0e4cd48fffc18b7385c788254fc3824639ec8f0f3a

    • SHA512

      4de65826224baa795269ba456807ee0b934e20896086eab9ca9566ba48a59d1788dc304f65f8e43e0b467aa73a7d832ffe8d897f712f352bb6413254dba8a517

    • SSDEEP

      196608:j8g9l203H/1DzUnUsXXVoFLFi1UHdAel6J00aPrS:j8gr2k/1D9sXXV+LM1tmQ00T

    Score
    8/10
    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of it.
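The checks behind the "UPX packed file" and "Checks computer location settings" signatures above, written out as an added Python example; this is not code from the Triage report or its signature engine, and the page does not say how those signatures are implemented. The example builds a minimal PE header and a few registry-access event lines as constructed fixtures (not data from this sample), and assumes that UPX section names, the "UPX!" marker, and reads of the Geo\Nation / Geo\Name / sCountry values are the indicators worth keying on.

```python
import hashlib
import struct

# --- static triage: hashes and UPX indicators -------------------------------

def file_hashes(data: bytes) -> dict:
    """Digests in the same set the report lists (ssdeep is not in the stdlib)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}

def section_names(data: bytes) -> list:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                             # first IMAGE_SECTION_HEADER
    names = []
    for i in range(nsec):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names

def upx_indicators(data: bytes) -> dict:
    """Stock UPX names its sections UPX0/UPX1 and leaves a 'UPX!' marker;
    a modified build may rename both, so treat these as indicators only."""
    names = section_names(data)
    return {
        "sections": names,
        "section_names": any(n.startswith("UPX") for n in names),
        "upx_magic": b"UPX!" in data,
    }

def build_pe(names: list) -> bytes:
    """Constructed fixture: a PE32 header with the given section names, no code."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    opt_size = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_size, 0x102)
    optional = struct.pack("<H", 0x10B).ljust(opt_size, b"\x00")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), 0, 0, 0, 0, 0, 0, 0, 0, 0x60000020)
                     for n in names)
    return dos + b"PE\x00\x00" + coff + optional + table

# --- dynamic triage: geofence-style registry reads --------------------------

# (key path, value name) pairs that reveal the configured country; assumed set.
GEOFENCE_VALUES = {
    (r"hkcu\control panel\international\geo", "nation"),
    (r"hkcu\control panel\international\geo", "name"),
    (r"hkcu\control panel\international", "scountry"),
}

# Constructed event lines, tab-separated: op, process, key path, value name.
SAMPLE_REGISTRY_EVENTS = """\
RegOpenKey\tBACKUP_Tools20h2.exe\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\t
RegQueryValue\tBACKUP_Tools20h2.exe\tHKCU\\Control Panel\\International\\Geo\tNation
RegQueryValue\tBACKUP_Tools20h2.exe\tHKLM\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Language\tDefault
RegQueryValue\tsvchost.exe\tHKCU\\Control Panel\\International\\Geo\tName
"""

def geofence_registry_reads(events: str, process: str = None) -> list:
    """Return (process, full value path) for reads of country settings.
    Windows itself reads these constantly, so filter to the sample's process."""
    hits = []
    for line in events.splitlines():
        if not line.strip():
            continue
        op, proc, key, value = line.split("\t")
        if op != "RegQueryValue" or (process and proc != process):
            continue
        if (key.lower(), value.lower()) in GEOFENCE_VALUES:
            hits.append((proc, key + "\\" + value))
    return hits

if __name__ == "__main__":
    pe = build_pe(["UPX0", "UPX1", ".rsrc"])
    print(file_hashes(pe)["sha256"])
    print(upx_indicators(pe))
    print(geofence_registry_reads(SAMPLE_REGISTRY_EVENTS, process="BACKUP_Tools20h2.exe"))
```

Both indicators are weak on their own: a renamed section table and a stripped marker defeat the static check, and the registry read only matters when it is followed by a conditional exit or a different payload path, which a single event line does not show.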

MITRE ATT&CK Enterprise v15