f4509b61c382815c1da0d0bc6d5ed786c18b7295af1a91ed922d92512d0f2317 | Triage

Sharing

General

Target

f4509b61c382815c1da0d0bc6d5ed786c18b7295af1a91ed922d92512d0f2317
Size

4.6MB
Sample

240722-sk9f8svcmp
MD5

8b7adc0b3a4475a3b97ec06913baf820
SHA1

d7894ca2f3c03d7b09c941d2255ef94e5be4db99
SHA256

f4509b61c382815c1da0d0bc6d5ed786c18b7295af1a91ed922d92512d0f2317
SHA512

d016fe96c16c95c97144619559cd690ece276d00b9e05d61caf70ade24c47cf16591af7745dd743a3a9498016ba5b4ddced2ebc87bcb9d3ab7525cb29e15ad4d
SSDEEP

98304:nU13lh8mKKroU+4DNHeGeQhESJ5F6Wm7dRCJnqzFsXl:83wmfrFHNeC765dRCRqK1

Score

8^/10

evasion execution upx

Malware Config

Targets

- Target
  
  f4509b61c382815c1da0d0bc6d5ed786c18b7295af1a91ed922d92512d0f2317
- Size
  
  4.6MB
- MD5
  
  8b7adc0b3a4475a3b97ec06913baf820
- SHA1
  
  d7894ca2f3c03d7b09c941d2255ef94e5be4db99
- SHA256
  
  f4509b61c382815c1da0d0bc6d5ed786c18b7295af1a91ed922d92512d0f2317
- SHA512
  
  d016fe96c16c95c97144619559cd690ece276d00b9e05d61caf70ade24c47cf16591af7745dd743a3a9498016ba5b4ddced2ebc87bcb9d3ab7525cb29e15ad4d
- SSDEEP
  
  98304:nU13lh8mKKroU+4DNHeGeQhESJ5F6Wm7dRCJnqzFsXl:83wmfrFHNeC765dRCRqK1
Score

8^/10

evasion execution upx
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionupx

behavioral2

evasionexecutionupx