General

  • Target

    8da0ef2134453dadf56c61ac9f821b10N

  • Size

    111KB

  • Sample

    240907-yb68eatcqd

  • MD5

    8da0ef2134453dadf56c61ac9f821b10

  • SHA1

    9b7ac8b039d6001f7cc25b1b5132630faccae3f8

  • SHA256

    0ed4bb9634b0f17513366af7fce35d8d54658f96c3ddb66a2bbe46e6d9cb70be

  • SHA512

    f7730655b9120b2ff97b6c1f62fb8583326658dea2814bd56bb9a558f906d9c52d9fd2a2f12bb7a4a5fa3bf70a78c4cef66a106a1538e09fb620de2ae2b28e9b

  • SSDEEP

    1536:ELNIW39SaZTbFARlq7jC1OZstZu0TSVEdUJWTWd18fBW:ELlbZTZX3BAtTSVEdUJWTWd18fM

Targets

    • Target

      8da0ef2134453dadf56c61ac9f821b10N

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.
