General

  • Target

    ad636ede6fe33a1196a5c673cf47c780N.exe

  • Size

    476KB

  • Sample

    240825-nvra7athnk

  • MD5

    ad636ede6fe33a1196a5c673cf47c780

  • SHA1

    1581c82cd252da181b91bcc497a2d75da705155c

  • SHA256

    683cba8eb71ef8ddda7600f75840f5c730437fcca7a49c6db2b00fe2355bb3cb

  • SHA512

    a7d477da515e6757c97631294eba5f721f493181b7b7c04a4a14d360daa5c00784c5339ed3fcf8961a48b9f5729bf8b51ce9c1598073520d527fc7cfeadfd179

  • SSDEEP

    3072:Jin8r+coP2W0XgEU5IuY2R8FD8edLhb9x4CuSqhAp08FkGRnNrdf45AjqKnoem:23P0KPsvKhAp081nNVjqKoe

Malware Config

Targets

    • Target

      ad636ede6fe33a1196a5c673cf47c780N.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the UPX open-source packer.

    • Adds Run key to start application

      Writes a value under a ...\Software\Microsoft\Windows\CurrentVersion\Run key so that an application is started at user logon (persistence).

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's suspended thread is the usual final step of process hollowing: the thread is pointed at injected code before it is resumed.

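As an added example, not part of the sandbox report or its tooling, the following pure-Python triage script checks a file's MD5/SHA-1/SHA-256 against the values listed in the General section and walks the PE section table for the stock UPX markers (UPX0/UPX1 section names and the `UPX!` stub string), falling back to per-section Shannon entropy because a modified UPX build may rename its sections. It uses only the standard library (no pefile). `build_fake_pe` constructs a minimal, non-runnable PE purely as offline test input; the section names and byte contents it is given are invented, and the function itself is an assumption of this example, not something the report describes.

```python
"""Static triage of a PE sample: hash check, section walk, UPX markers, entropy.

Added example (not from the sandbox report). Pure stdlib so it runs offline.
"""
import hashlib
import math
import struct
import sys

# Hashes as listed in the report's General section.
REPORTED = {
    "md5": "ad636ede6fe33a1196a5c673cf47c780",
    "sha1": "1581c82cd252da181b91bcc497a2d75da705155c",
    "sha256": "683cba8eb71ef8ddda7600f75840f5c730437fcca7a49c6db2b00fe2355bb3cb",
}

# Section names written by stock UPX; a modified build may rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!", b".UPX0", b".UPX1"}


def hashes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if all three digests equal the report's values."""
    return hashes(data) == REPORTED


def entropy(data: bytes) -> float:
    """Shannon entropy in bits/byte; compressed or encrypted data sits near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def sections(pe: bytes) -> list:
    """Walk IMAGE_SECTION_HEADER entries: returns [(name, SizeOfRawData, PointerToRawData), ...]."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # IMAGE_FILE_HEADER follows the 4-byte signature: NumberOfSections at +2, SizeOfOptionalHeader at +16.
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt
    out = []
    for i in range(num_sections):
        off = table + i * 40  # each section header is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        out.append((name, raw_size, raw_ptr))
    return out


def upx_indicators(pe: bytes) -> dict:
    secs = sections(pe)
    flagged = [s[0].decode("latin-1") for s in secs if s[0] in UPX_SECTION_NAMES]
    has_magic = b"UPX!" in pe  # stub marker, often kept even when sections are renamed
    ent = {name.decode("latin-1"): round(entropy(pe[ptr:ptr + size]), 2) for name, size, ptr in secs}
    return {"upx_sections": flagged, "upx_magic": has_magic, "section_entropy": ent}


def verdict(ind: dict) -> str:
    if ind["upx_sections"] or ind["upx_magic"]:
        return "upx"
    if any(e > 7.0 for e in ind["section_entropy"].values()):
        return "packed_unknown"  # high entropy but no UPX markers: renamed/modified packer
    return "unpacked"


def build_fake_pe(section_specs) -> bytes:
    """Construct a minimal, non-runnable PE32 with the given [(name, raw_bytes)] sections (test input only)."""
    e_lfanew, size_opt = 0x40, 0xE0
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    nsec = len(section_specs)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    data_off = e_lfanew + 24 + size_opt + 40 * nsec
    table, blobs = bytearray(), bytearray()
    for i, (name, raw) in enumerate(section_specs):
        hdr = bytearray(40)
        hdr[:8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", hdr, 8, len(raw), 0x1000 * (i + 1), len(raw), data_off + len(blobs))
        table += hdr
        blobs += raw
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + bytes(table) + bytes(blobs)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
        print("hashes match report:", matches_report(blob))
    else:  # no file given: use constructed input with UPX-style sections
        blob = build_fake_pe([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 16), (b".rsrc", b"\0" * 512)])
    ind = upx_indicators(blob)
    print(ind, verdict(ind))
```

Run it as `python triage.py <sample>`; with no argument it exercises the constructed PE. Entropy above ~7.0 in the largest section without any UPX marker is the case worth a second look, since it is what a renamed or modified packer looks like to this check.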
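Detection-side counterpart to the "Executes dropped EXE" and "Adds Run key to start application" signatures, added here and not part of the report: it replays Sysmon-style events (EventID 11 FileCreate, 13 RegistryEvent value set, 1 ProcessCreate) exported as JSON lines, remembers executables written by a process, and raises a high-severity finding when a Run/RunOnce value (ATT&CK T1547.001) points at one of them or when one of them is later executed. Run-key writes that reference nothing dropped are still reported at lower severity so they are not lost. The events, user name, SID and the `updater.exe` path are constructed; the report does not state where this sample's Run value points, only that one is added.

```python
"""Correlate dropped-file, Run-key and process-start events into findings.

Added example, not part of the sandbox report. Field names follow Sysmon
(Image, TargetFilename, TargetObject, Details, ParentImage); values are constructed.
"""
import json
import re

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(Users\\[^\\]+\\AppData|Users\\Public|Windows\\Temp|ProgramData)\\", re.IGNORECASE)

# Constructed JSON-lines export (assumed shape; not real telemetry from this sample).
CONSTRUCTED_EVENTS = r"""
{"EventID": 1, "UtcTime": "2024-08-25 12:00:01", "Image": "C:\\Users\\victim\\Desktop\\ad636ede6fe33a1196a5c673cf47c780N.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 11, "UtcTime": "2024-08-25 12:00:02", "Image": "C:\\Users\\victim\\Desktop\\ad636ede6fe33a1196a5c673cf47c780N.exe", "TargetFilename": "C:\\Users\\victim\\AppData\\Roaming\\updater.exe"}
{"EventID": 13, "UtcTime": "2024-08-25 12:00:03", "Image": "C:\\Users\\victim\\Desktop\\ad636ede6fe33a1196a5c673cf47c780N.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "\"C:\\Users\\victim\\AppData\\Roaming\\updater.exe\""}
{"EventID": 1, "UtcTime": "2024-08-25 12:00:04", "Image": "C:\\Users\\victim\\AppData\\Roaming\\updater.exe", "ParentImage": "C:\\Users\\victim\\Desktop\\ad636ede6fe33a1196a5c673cf47c780N.exe"}
{"EventID": 13, "UtcTime": "2024-08-25 12:05:00", "Image": "C:\\Program Files\\Vendor\\setup.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray", "Details": "C:\\Program Files\\Vendor\\tray.exe"}
{"EventID": 11, "UtcTime": "2024-08-25 12:06:00", "Image": "C:\\Windows\\explorer.exe", "TargetFilename": "C:\\Users\\victim\\Downloads\\notes.docx"}
"""


def parse_events(text: str) -> list:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def norm(path: str) -> str:
    """Strip surrounding quotes and lower-case for path comparison (Windows paths are case-insensitive)."""
    return path.strip().strip('"').lower()


def detect(events: list) -> list:
    dropped = {}  # normalized path of a written PE -> image that wrote it
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            target = norm(ev.get("TargetFilename", ""))
            if target.endswith((".exe", ".dll")):
                dropped[target] = ev.get("Image", "")
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            details = norm(ev.get("Details", ""))
            referenced = [p for p in dropped if p in details]  # value may wrap the path in quotes or a command line
            if referenced:
                sev = "high"        # persistence pointing at something this host just dropped
            elif USER_WRITABLE_RE.search(details):
                sev = "medium"      # autostart from a user-writable location, no drop seen
            else:
                sev = "info"        # ordinary installer behaviour, keep for review
            findings.append({"rule": "run_key_persistence", "severity": sev, "time": ev.get("UtcTime"),
                             "writer": ev.get("Image", ""), "key": ev["TargetObject"],
                             "value": ev.get("Details", ""), "dropped_by": [dropped[p] for p in referenced]})
        elif eid == 1:
            image = norm(ev.get("Image", ""))
            if image in dropped:
                findings.append({"rule": "dropped_exe_executed", "severity": "high", "time": ev.get("UtcTime"),
                                 "image": ev["Image"], "parent": ev.get("ParentImage", ""),
                                 "dropped_by": [dropped[image]]})
    return findings


if __name__ == "__main__":
    for f in detect(parse_events(CONSTRUCTED_EVENTS)):
        print(f["severity"].upper(), f["rule"], f["time"], f.get("key") or f.get("image"))
```

Because Sysmon does not record registry reads, the "Checks computer location settings" behaviour is not visible this way; that one is a sandbox or API-trace observation, which is why it appears only in the dynamic report.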
MITRE ATT&CK Enterprise v15

Tasks