General

  • Target

    fa1075c626abe4315050d7b9544dd3b0N.exe

  • Size

    84KB

  • Sample

    240904-nzvt6s1brg

  • MD5

    fa1075c626abe4315050d7b9544dd3b0

  • SHA1

    2652e31f88810a74ac6260b5796bbedf9255cafa

  • SHA256

    96d2bb04174a2dfe53c2cdb4760188e6baa99066d5631c5b8c009652707adadb

  • SHA512

    b9ba435d0a7464908b82876ea3f1d33e8b3a637055a90924456ee7ae3640bb6aa94d8e092afd0cc0c2a056a5a5f585a6bd995d5398f959b130b0d0e6ec4425e5

  • SSDEEP

    1536:1clIGFNMi+hJUneHoGTvvv4V9hqdhbtgS:+RMi+fUnCTvvv4V9hEhbCS

Malware Config

Targets

    • Target

      fa1075c626abe4315050d7b9544dd3b0N.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15