General

  • Target

    ba03d8007be11c301434a6a4bbf3af40N

  • Size

    88KB

  • Sample

    240912-fg9xdasbmk

  • MD5

    ba03d8007be11c301434a6a4bbf3af40

  • SHA1

    8028e9d4c66248cdf263a835266588a16f57d01f

  • SHA256

    493ec1e2c1f4c26a6c39941304d219d99e846314d90fe7b250086ed023f28e8f

  • SHA512

    46142559e53479efb0a4d0883eae98d5370a0b6ac154d51f06c4bc2a5956b6fabe64eef2251fae1709e9224b7d9d17b6cc8f83bf3e88c64da81827bf9437e5ad

  • SSDEEP

    768:aQNIscPXcOAKrm//4SE6rdcIz0M6mc39vAqBbXml/X4B0blMTIWo90UvIC2TVGpC:aCILvs9NctvAqlWpoBjpUv72TDFP

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15