General

  • Target

    552d092a0c8560e3359cd08e98b6f830N.exe

  • Size

    88KB

  • Sample

    240806-eex95ayenr

  • MD5

    552d092a0c8560e3359cd08e98b6f830

  • SHA1

    65d841b92ace7e278b5287b33210988010eb2185

  • SHA256

    5b6b5211a736b31ef8029f7c45d08f3c552a9a12fd58c8765f5663402b669d70

  • SHA512

    dcaeaf9d1ea95ee0949d5c24da3a4204cd6d8328a44adb99640e2a9b79164e8e68a2b127b174bba18694d3ff642c226d89ac19aaba6581f149ebc687329ced9d

  • SSDEEP

    1536:ahUDofByDJWbMGcEFLPEPKOJUsy1+VMA:aIofBHbKMP0PvMA

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15