General

  • Target

    b6699f5d9c831f929999aa14a61a5abf69a2295b2a6c4017fe2d7c81a6c8e3d9N

  • Size

    135KB

  • Sample

    240927-tqp58a1bln

  • MD5

    5afbd7dae5a115e09dfcee2dc2625170

  • SHA1

    52c682351ca199a87d1365e482d4df6bc8d00c04

  • SHA256

    b6699f5d9c831f929999aa14a61a5abf69a2295b2a6c4017fe2d7c81a6c8e3d9

  • SHA512

    2512bdec2fdf79b9352b6a6adadccf397e6cc36b8b6fbe9223e27440b941a3491d478933d17e0cda1e69d75c68ca170eb54cc9f778938d87e3aba18ff0969fbc

  • SSDEEP

    1536:YGYU/W2/HG6QMauSV3ixJHABLrmhH7i9eNOOg00GqMIK7aGZh3SO8A:YfU/WF6QMauSuiWNi9eNOl0007NZIO1

Targets

    • Target

      b6699f5d9c831f929999aa14a61a5abf69a2295b2a6c4017fe2d7c81a6c8e3d9N

    • Size

      135KB

    • MD5

      5afbd7dae5a115e09dfcee2dc2625170

    • SHA1

      52c682351ca199a87d1365e482d4df6bc8d00c04

    • SHA256

      b6699f5d9c831f929999aa14a61a5abf69a2295b2a6c4017fe2d7c81a6c8e3d9

    • SHA512

      2512bdec2fdf79b9352b6a6adadccf397e6cc36b8b6fbe9223e27440b941a3491d478933d17e0cda1e69d75c68ca170eb54cc9f778938d87e3aba18ff0969fbc

    • SSDEEP

      1536:YGYU/W2/HG6QMauSV3ixJHABLrmhH7i9eNOOg00GqMIK7aGZh3SO8A:YfU/WF6QMauSuiWNi9eNOl0007NZIO1

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check to avoid running in certain regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      ATT&CK T1070.004. Adversaries may delete files left behind by their intrusion activity to hinder detection and forensic recovery.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.
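The file hashes and the UPX verdict are the two findings above that an analyst would normally re-check locally before relying on the report. The following Python is an added example, not part of the sandbox report: it recomputes the four hashes listed above and compares them to the report's values (SSDEEP is left out because it needs the external ssdeep library), and it reads the PE section table for UPX's default section names and the `UPX!` magic UPX stamps into packed images. `build_fake_pe` constructs a header-only PE skeleton for offline testing; it is not the sample and contains no code.

```python
"""Offline re-check of a sandbox report: hash comparison and a UPX packing heuristic."""
import hashlib
import struct
import sys

# Indicators copied from the General section of the report above.
REPORT_HASHES = {
    "md5": "5afbd7dae5a115e09dfcee2dc2625170",
    "sha1": "52c682351ca199a87d1365e482d4df6bc8d00c04",
    "sha256": "b6699f5d9c831f929999aa14a61a5abf69a2295b2a6c4017fe2d7c81a6c8e3d9",
    "sha512": "2512bdec2fdf79b9352b6a6adadccf397e6cc36b8b6fbe9223e27440b941a3491"
              "d478933d17e0cda1e69d75c68ca170eb54cc9f778938d87e3aba18ff0969fbc",
}

# Section names UPX writes by default; modified builds often rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1"}


def file_hashes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, report: dict = REPORT_HASHES) -> bool:
    """True only if all listed digests agree. One mismatch means a different
    file (or a tampered report); never accept MD5 alone as proof of identity."""
    computed = file_hashes(data)
    return all(computed[alg] == digest.lower() for alg, digest in report.items())


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names. Returns [] for anything that is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first_section = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = first_section + i * 40          # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break                             # truncated table: stop, do not guess
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind a 'UPX packed file' verdict: default UPX section names
    or the 'UPX!' magic. A renamed, patched UPX build can defeat both checks,
    so a negative result is not proof the file is unpacked."""
    names = set(pe_section_names(data))
    return bool(names & UPX_SECTION_NAMES) or b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Constructed header-only PE32 skeleton for offline tests (no real code)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                           # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + sections


if __name__ == "__main__":
    # Usage: python triage_check.py <file>
    blob = open(sys.argv[1], "rb").read()
    for alg, digest in file_hashes(blob).items():
        print(f"{alg:6} {digest}")
    print("matches report:", matches_report(blob))
    print("sections:", pe_section_names(blob))
    print("looks UPX packed:", looks_upx_packed(blob))
```

Run it against the downloaded sample; all four hashes must match before any of the behavioural findings above are attributed to the file in hand.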

MITRE ATT&CK Enterprise v15