General

  • Target

    e6ba0eec7a8928b21671aa7eaba5771e5effe6449ecf393371edb2445ce8ea42N

  • Size

    59KB

  • Sample

    241002-m1j9dswepf

  • MD5

    92b6cf621c223b8d6529af17d6decbe0

  • SHA1

    304afe1a9bbfeecac1c4f18ce6cb8e7f7d802fe9

  • SHA256

    e6ba0eec7a8928b21671aa7eaba5771e5effe6449ecf393371edb2445ce8ea42

  • SHA512

    cf948dae7f577715ad8d522151040f5519957ccee7cb93c58f3041eaa0ef3c7f197cc622abc9e1f7e240ed70d74315cc90544efec83bf815f482814ac103d69c

  • SSDEEP

    1536:3+ZgwRdiE8cO4p1xRjfTvSq5r3ZiIZ4nouy8uh1aQu:OeodiUO4p13b9HiIeoutuh1aQu

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks