General

  • Target

    57f0854cfaac7433b1992c512373ebef134bcf7bf066ca3c6948bed4bda7c715N

  • Size

    135KB

  • Sample

    241023-tdyxlaycng

  • MD5

    37cea4578aaa82c26d9769595e68f120

  • SHA1

    31a0464bbd40214c3d7854d0590f3550810e9433

  • SHA256

    57f0854cfaac7433b1992c512373ebef134bcf7bf066ca3c6948bed4bda7c715

  • SHA512

    2d387eb2cca680c1f42145f907fc991185b695e2c0211c1f9761f84af9f65717dd1461d5f9a581afd65494eb3db18a2154b41bbb8e72766ef7bfff5b878359ad

  • SSDEEP

    3072:YfU/WF6QMauSuiWNi9eNOl0007NZIOpGi:JWKauSuiWNi1J077n8i

Malware Config

Targets

    • Target

      57f0854cfaac7433b1992c512373ebef134bcf7bf066ca3c6948bed4bda7c715N

    • Size

      135KB

    • MD5

      37cea4578aaa82c26d9769595e68f120

    • SHA1

      31a0464bbd40214c3d7854d0590f3550810e9433

    • SHA256

      57f0854cfaac7433b1992c512373ebef134bcf7bf066ca3c6948bed4bda7c715

    • SHA512

      2d387eb2cca680c1f42145f907fc991185b695e2c0211c1f9761f84af9f65717dd1461d5f9a581afd65494eb3db18a2154b41bbb8e72766ef7bfff5b878359ad

    • SSDEEP

      3072:YfU/WF6QMauSuiWNi9eNOl0007NZIOpGi:JWKauSuiWNi1J077n8i

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks