General

  • Target

    0ae41af51d8c977a7f5e17b8af23371ee88446209fedde96217fe1c87f824702N

  • Size

    476KB

  • Sample

    241009-vpf2lazbrn

  • MD5

    4cb6962aa45251d98a4cb9d2fdd43100

  • SHA1

    de2a40aefc9fb5f70bea18bb4751704c4b39526c

  • SHA256

    0ae41af51d8c977a7f5e17b8af23371ee88446209fedde96217fe1c87f824702

  • SHA512

    77fd8e7722148d604bf31ad0ec1fda3d45dc2787ccb0e7327f6f8f1351bfe4651cc2acaad278be8bd8c734812a181f46f624fc736301f3bfe47bc1d6ad82d75a

  • SSDEEP

    3072:Jin8r+coP2W0XgEU5IuY2R8FD8edLhb9x4CuSqhAp08FkGRnNrdf45AjqKnoem:23P0KPsvKhAp081nNVjqKoe

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks