General

  • Target

    0ea6d3a668fff9555b871918109bce14430a85aec0b81a9cb0de728af864287c

  • Size

    84KB

  • Sample

    240710-xlfb1awhrh

  • MD5

    e16cf58ebf22132f7f2870fa2e17b94d

  • SHA1

    270b60ea1c9d6f37e608f211b8bf11aa7ee9653a

  • SHA256

    0ea6d3a668fff9555b871918109bce14430a85aec0b81a9cb0de728af864287c

  • SHA512

    2baa51d5b2aa35207b89a893361e18c41d514905fe05dc3ebe86d12d1747ce3f9ad23d73810be1a99c5e6e3bb893f09c5cf99e98f78de2e05b8f42a914847dcd

  • SSDEEP

    1536:1clIGFNMi+hJUneHoGTvvv4V9hqdhbtgS:+RMi+fUnCTvvv4V9hEhbCS

Score
7/10

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
