General

  • Target

    21a7f164c8cd150765d10fee4d139610N.exe

  • Size

    304KB

  • Sample

    240817-b1ne9stajq

  • MD5

    21a7f164c8cd150765d10fee4d139610

  • SHA1

    c3a2c09cb9428f78766f939f64a02a45ed06ff55

  • SHA256

    bd952189893801ce64f6f3f277ca4f02c118426b626a4237d40ad70b110a6d75

  • SHA512

    ec4ad6cb288568a754a6ef2d01cad15ac016cf5cd761ab4b0e560df1cf7f49291c22a450de54b010c2af4244d99dcfd7f61315504d5eddbbf526b91d45b44fb8

  • SSDEEP

    3072:Wt5SVkkgUWib1UC7AdYzrV+Dljy/32ubwZZqJ:RUquCkdYzrVolu/J0ZZ

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks