9e2fcb01c49b561ff095058f1b0e8f42bb1aceb3c3149f4fdc8731085748a884 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

9e2fcb01c4...84.exe

windows7-x64

9

9e2fcb01c4...84.exe

windows10-2004-x64

Sharing

General

Target

9e2fcb01c49b561ff095058f1b0e8f42bb1aceb3c3149f4fdc8731085748a884
Size

2.1MB
Sample

240919-ehzblazdmb
MD5

c5034b6775785e1028cd88bbe0668d17
SHA1

1accb10339dbd6c90b310260a87d2116049f4f9d
SHA256

9e2fcb01c49b561ff095058f1b0e8f42bb1aceb3c3149f4fdc8731085748a884
SHA512

72d37d963d6c1250aefad13da35b94d279016012198779f97027dd425194a085ddc4348eac05b593c12a4bb8bb4d9b6949a1f54d5e0a5956c2a252f0bf42d895
SSDEEP

49152:URbj8KejhM9uPSGGRvCYJRb5wEtdR/5s3x2BOUIKaqCCB:UhQDhM4GRxRb5wSdK1UIKaqXB

Score

9^/10

discovery evasion upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9e2fcb01c49b561ff095058f1b0e8f42bb1aceb3c3149f4fdc8731085748a884.exe

Resource

win7-20240903-en

discovery evasion upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

9e2fcb01c49b561ff095058f1b0e8f42bb1aceb3c3149f4fdc8731085748a884.exe

Resource

win10v2004-20240802-en

discovery evasion upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  9e2fcb01c49b561ff095058f1b0e8f42bb1aceb3c3149f4fdc8731085748a884
- Size
  
  2.1MB
- MD5
  
  c5034b6775785e1028cd88bbe0668d17
- SHA1
  
  1accb10339dbd6c90b310260a87d2116049f4f9d
- SHA256
  
  9e2fcb01c49b561ff095058f1b0e8f42bb1aceb3c3149f4fdc8731085748a884
- SHA512
  
  72d37d963d6c1250aefad13da35b94d279016012198779f97027dd425194a085ddc4348eac05b593c12a4bb8bb4d9b6949a1f54d5e0a5956c2a252f0bf42d895
- SSDEEP
  
  49152:URbj8KejhM9uPSGGRvCYJRb5wEtdR/5s3x2BOUIKaqCCB:UhQDhM4GRxRb5wSdK1UIKaqXB
Score

9^/10

discovery evasion upx
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionupx

behavioral2

discoveryevasionupx

© 2018-2024

Terms | Privacy