General

  • Target

    eb29c06f841f4e52c9aab0d231833c90N.exe

  • Size

    163KB

  • Sample

    240816-zhlqqazbkl

  • MD5

    eb29c06f841f4e52c9aab0d231833c90

  • SHA1

    e195b7e564a6c8c4429680dc12db6827e5e892ed

  • SHA256

    3d98feb5aa1e763fdbff1788989f314a6afbcef3e7f876f8eddc4f718710f83f

  • SHA512

    42e8cea6ff701d2894347280eba0aaf9596882d5b8dc6037879a1e7cab9a64b627e058337162c3bc7582b681aadbed34b693121e77b7aa47ff5a1ab5bbd5d2de

  • SSDEEP

    3072:6m8QyMWSVCqwT1h+popOOfaPOx5P+m/pNdhZ1QYUdq:WqwJh+6pAkGm/pH1gdq

Malware Config

Targets

    • Target

      eb29c06f841f4e52c9aab0d231833c90N.exe

    • Size

      163KB

    • MD5

      eb29c06f841f4e52c9aab0d231833c90

    • SHA1

      e195b7e564a6c8c4429680dc12db6827e5e892ed

    • SHA256

      3d98feb5aa1e763fdbff1788989f314a6afbcef3e7f876f8eddc4f718710f83f

    • SHA512

      42e8cea6ff701d2894347280eba0aaf9596882d5b8dc6037879a1e7cab9a64b627e058337162c3bc7582b681aadbed34b693121e77b7aa47ff5a1ab5bbd5d2de

    • SSDEEP

      3072:6m8QyMWSVCqwT1h+popOOfaPOx5P+m/pNdhZ1QYUdq:WqwJh+6pAkGm/pH1gdq

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks