8ca203f91fbdc5fd20f63fc8409ce52785852306de1922f8c14f5d1ce0c01820 | Triage

Resubmissions

25/09/2024, 16:37

240925-t45g3ayfka 10

25/09/2024, 16:14

240925-tpyqzaxhjg 7

Sharing

Copy URL Twitter E-mail

General

Target

8ca203f91fbdc5fd20f63fc8409ce52785852306de1922f8c14f5d1ce0c01820.exe
Size

227KB
Sample

240925-t45g3ayfka
MD5

30bc3a4843995db743e3ce3f43cb1cd2
SHA1

dddfca415d3a7b0c1e3f44b70d72f38c8d7e47eb
SHA256

8ca203f91fbdc5fd20f63fc8409ce52785852306de1922f8c14f5d1ce0c01820
SHA512

c080812f8c4048a5e473f618736ab042fa0b254cd5f8870384f12caac1492f4d848757665cd4bca787231a03dc66ed48017b6ca0319ef7810b24e1bda61e53a1
SSDEEP

3072:i3pox1w8FCoFjKej0u/Dt1XWhlPhoutPFLtVBjnmATFUJgsL:i58u8PFjcurvXUlPhoSPvfTZpwgG

Score

10^/10

defense_evasion discovery evasion execution persistence privilege_escalation upx

Malware Config

Targets

- Target
  
  8ca203f91fbdc5fd20f63fc8409ce52785852306de1922f8c14f5d1ce0c01820.exe
- Size
  
  227KB
- MD5
  
  30bc3a4843995db743e3ce3f43cb1cd2
- SHA1
  
  dddfca415d3a7b0c1e3f44b70d72f38c8d7e47eb
- SHA256
  
  8ca203f91fbdc5fd20f63fc8409ce52785852306de1922f8c14f5d1ce0c01820
- SHA512
  
  c080812f8c4048a5e473f618736ab042fa0b254cd5f8870384f12caac1492f4d848757665cd4bca787231a03dc66ed48017b6ca0319ef7810b24e1bda61e53a1
- SSDEEP
  
  3072:i3pox1w8FCoFjKej0u/Dt1XWhlPhoutPFLtVBjnmATFUJgsL:i58u8PFjcurvXUlPhoSPvfTZpwgG
Score

10^/10

defense_evasion discovery evasion execution persistence privilege_escalation upx
- Disables service(s)
  evasion execution
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Stops running service(s)
  evasion execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Access Token Manipulation

Create Process with Token

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Access Token Manipulation

Create Process with Token

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionexecutionpersistenceprivilege_escalationupx

behavioral2

defense_evasiondiscoveryprivilege_escalationupx