General

  • Target

    3e2b471395fbf6e5843b8ecd162a048cee5521f4ce9d5b395b2a93f9a6cde423

  • Size

    135KB

  • Sample

    241009-y3b7cataqj

  • MD5

    365460f8260289b66df5b7f0889d7646

  • SHA1

    b88de6b2fb7c973f076056c27680c0757b8e9525

  • SHA256

    3e2b471395fbf6e5843b8ecd162a048cee5521f4ce9d5b395b2a93f9a6cde423

  • SHA512

    47b07c50dc72c039d882e6a7d213971b6f27b9626e3d1cd8fe92736526861f501b5bff0420fb696c56832045d3c9132b674713ac96d19ce0de6dcbe39b446319

  • SSDEEP

    1536:YGYU/W2/HG6QMauSV3ixJHABLrmhH7i9eNOOg00GqMIK7aGZh3SOxK:YfU/WF6QMauSuiWNi9eNOl0007NZIOxK

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks