General

  • Target

    00a88b1109970c4aa8e8591c540b6df0N.exe

  • Size

    304KB

  • Sample

    240907-nkjhlasbqa

  • MD5

    00a88b1109970c4aa8e8591c540b6df0

  • SHA1

    d9864d778868d64dde21c19b7e479c5387b4b905

  • SHA256

    3df6b05a35724fdbef4a735efff12641595357281c42a8325e12516c861c15e8

  • SHA512

    a3b24a1055ad78c2440b099494ebaf294626ff6a35a4b024d9fc5f12ddad3dcbaf53a95c122a80edd361d6aca5e5d8264b036401723678197d97d0523a4d1b89

  • SSDEEP

    3072:nt5SVkkgUWib1UC7AdYzrV+Dljy/32ubwZZqJ:qUquCkdYzrVolu/J0ZZ

Targets

    • Target

      00a88b1109970c4aa8e8591c540b6df0N.exe

    • Size

      304KB

    • MD5

      00a88b1109970c4aa8e8591c540b6df0

    • SHA1

      d9864d778868d64dde21c19b7e479c5387b4b905

    • SHA256

      3df6b05a35724fdbef4a735efff12641595357281c42a8325e12516c861c15e8

    • SHA512

      a3b24a1055ad78c2440b099494ebaf294626ff6a35a4b024d9fc5f12ddad3dcbaf53a95c122a80edd361d6aca5e5d8264b036401723678197d97d0523a4d1b89

    • SSDEEP

      3072:nt5SVkkgUWib1UC7AdYzrV+Dljy/32ubwZZqJ:qUquCkdYzrVolu/J0ZZ

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

      Persistence via a Windows Run registry key (the entry is executed at user logon).

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is a common step in process hollowing and similar injection techniques.
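
The following is an added example (not part of the sandbox report) that shows how a responder would use the indicators above: it compares a file's digests against the four hashes listed on this page and applies a simple version of the "UPX packed file" heuristic by reading the PE section table and looking for UPX-style section names. The PE byte blob it builds for demonstration is constructed inline and is not the analysed sample; only the hash values are taken from the report.

```python
"""Triage helpers for the sample summarised above (added example, not part of
the sandbox report). IOC hashes are copied from the page; the PE blob built by
build_fake_upx_pe() is constructed for demonstration and is NOT the sample."""
import hashlib
import struct

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "00a88b1109970c4aa8e8591c540b6df0",
    "sha1": "d9864d778868d64dde21c19b7e479c5387b4b905",
    "sha256": "3df6b05a35724fdbef4a735efff12641595357281c42a8325e12516c861c15e8",
    "sha512": "a3b24a1055ad78c2440b099494ebaf294626ff6a35a4b024d9fc5f12ddad3dcb"
              "af53a95c122a80edd361d6aca5e5d8264b036401723678197d97d0523a4d1b89",
}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_ioc(data: bytes) -> dict:
    """Compare every digest of `data` against the report's IOCs.
    Returns {algorithm: bool}; any True value is a confirmed match."""
    digests = hash_bytes(data)
    return {name: digests[name] == IOC_HASHES[name] for name in IOC_HASHES}


def pe_section_names(data: bytes) -> list:
    """Parse the PE section table and return the section names.
    Raises ValueError if the buffer is not a (minimally) valid PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # COFF file header (20 bytes)
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size             # section table follows optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                 # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]              # first 8 bytes are the name
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind the report's 'UPX packed file' signature: stock UPX names
    its sections UPX0/UPX1/UPX2, and modified builds frequently keep the prefix.
    A renamed-section variant will evade this check, so treat it as a hint only."""
    return any(n.upper().startswith("UPX") for n in pe_section_names(data))


def build_fake_upx_pe() -> bytes:
    """Constructed minimal PE with UPX-style section names (not the sample).
    SizeOfOptionalHeader is 0 so the section table directly follows the COFF header."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)

    def section(name: bytes) -> bytes:
        return name.ljust(8, b"\0") + b"\0" * 32

    return dos + b"PE\0\0" + coff + section(b"UPX0") + section(b"UPX1")


if __name__ == "__main__":
    blob = build_fake_upx_pe()
    print("sections:", pe_section_names(blob))
    print("UPX-style packing:", looks_upx_packed(blob))
    print("IOC match:", matches_ioc(blob))
```

Feed a real file with `matches_ioc(open(path, "rb").read())`; a True for any algorithm confirms the file is this sample, while a UPX hit alone only says the file is packed and needs unpacking before further static analysis.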
