General

  • Target: 515ec1ce3e6c81c23dbd56cc782f93a8c770950f53a6a7689477568d7cf1ffe1N
  • Size: 524KB
  • Sample: 240919-c5a66swhpp
  • MD5: 558477de7e2544d2677b45f9fc74cf40
  • SHA1: ca7254d58a4ca548e840ff9299b49dad8875aa9a
  • SHA256: 515ec1ce3e6c81c23dbd56cc782f93a8c770950f53a6a7689477568d7cf1ffe1
  • SHA512: 5b536c163dd3571af1130cd6a010644865dfad86884455b157e0ccfad26cc59114964ef2320ec0642b3c681ff82c82af569e01485b08a51adf1a6df572337246
  • SSDEEP: 12288:LLS65eo7WOcg3kXaD5Ny6+KW78FCjIwQpe:LLS65eKWOpkXaLy6OECXQpe

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX or a modified UPX open-source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
