General

  • Target

    d35c17069d028b8f5087b79e045a1f58f2418e678ec6eb64afb8b0dcc2e84f77

  • Size

    340KB

  • Sample

    241018-dwy3bathne

  • MD5

    5e4eabb874256bd534b5dc96ddbd4d43

  • SHA1

    a551b901dfeb6c60fd5971158e4caf8752a5fac4

  • SHA256

    d35c17069d028b8f5087b79e045a1f58f2418e678ec6eb64afb8b0dcc2e84f77

  • SHA512

    fbbd5d95831aa40472bd648180590d9a6c765cc652e7a07182592bcd64f9c51f433886587b33739a7d8925df2907d972c5a133d4ee147256af6748c521543813

  • SSDEEP

    6144:MRVQPKuV3eIY8uwJxuaIFtkxOd6HarTrjCP9sERagkL9:fKuV3eZwTZAUi663rWPzkR

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
