General

  • Target

    3278c3a3e7c27ff920c41bdf58f444192f965faccf79a1e0c2bdf0350ae2af82

  • Size

    135KB

  • Sample

    240727-zm2mqs1eqa

  • MD5

    f99d4b17dfc714906f6315ee566bbd89

  • SHA1

    b12aaa8407f9b5d798657fc47d792c5409962ba6

  • SHA256

    3278c3a3e7c27ff920c41bdf58f444192f965faccf79a1e0c2bdf0350ae2af82

  • SHA512

    c211fff92c501370774762bdd70600f7715ae97c3b9213cb4762924ca2bc032de5d9e267b27ee5b4f0f3d4f361baebc385fc09f80d80d86c30f74fcb43e7e686

  • SSDEEP

    1536:YGYU/W2/HG6QMauSV3ixJHABLrmhH7i9eNOOg00GqMIK7aGZh3SOI:YfU/WF6QMauSuiWNi9eNOl0007NZIOI

Malware Config

Targets

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence so the sample only runs (or refuses to run) in certain regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Indicator Removal: File Deletion (T1070.004)

      Adversaries may delete files left behind by their intrusion activity.
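As an added triage helper (example code written for this page, not part of the sandbox report and not code from the sample), the Python below checks a file against the digests listed above and applies a simple version of the "UPX packed file" signature by walking the PE header to the section table. The PE it builds with build_fake_pe is a constructed stand-in so the script runs offline; that builder and the fallback "UPX!" marker check are assumptions of this example, not something the report states. SSDEEP is left out because it needs a third-party library.

```python
import hashlib
import struct

# Digests of the analysed sample exactly as the report lists them.
REPORT_HASHES = {
    "md5": "f99d4b17dfc714906f6315ee566bbd89",
    "sha1": "b12aaa8407f9b5d798657fc47d792c5409962ba6",
    "sha256": "3278c3a3e7c27ff920c41bdf58f444192f965faccf79a1e0c2bdf0350ae2af82",
    "sha512": "c211fff92c501370774762bdd70600f7715ae97c3b9213cb4762924ca2bc032d"
              "e5d9e267b27ee5b4f0f3d4f361baebc385fc09f80d80d86c30f74fcb43e7e686",
}


def file_hashes(data: bytes) -> dict:
    """Compute the same digest set the report lists (ssdeep is not a hashlib algorithm)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    return file_hashes(data) == REPORT_HASHES


def pe_section_names(data: bytes) -> list:
    """Follow DOS header -> PE signature -> COFF header -> section table, return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # 20-byte COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_header_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_header_size                   # section table follows the optional header
    names = []
    for i in range(num_sections):
        entry = data[table + i * 40: table + i * 40 + 8]  # 40-byte entries, 8-byte name first
        if len(entry) < 8:
            raise ValueError("truncated section table")
        names.append(entry.rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Heuristic counterpart of the report's 'UPX packed file' signature."""
    # Stock UPX names its sections UPX0/UPX1 (UPX2 when resources are kept).
    if any(name.startswith("UPX") for name in pe_section_names(data)):
        return True
    # Assumption of this example: renamed sections often still leave the "UPX!" pack-header
    # magic behind. A deliberately modified build may strip that too, so a miss is not proof.
    return b"UPX!" in data


def build_fake_pe(section_names: list) -> bytes:
    """Constructed minimal PE32 image (headers only) used as offline sample input."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)             # PE32 magic, rest zeroed
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), 0x1000, 0x1000 * (i + 1),
                    0, 0, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names)
    )
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    sample = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(sample))
    print("upx packed:", is_upx_packed(sample))
    print("matches report digests:", matches_report(sample))
```

To triage a real file, read it with open(path, "rb").read() and pass the bytes to matches_report and is_upx_packed; a digest match identifies this exact sample, while the UPX check only says the packer left its usual traces.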

MITRE ATT&CK Enterprise v15

Tasks