General

  • Target

    656983f86603152e5f5706b132f802bd42de5ad68923494c29d8a9e8bd5b730eN.exe

  • Size

    308KB

  • Sample

    241119-w3j6vavkcp

  • MD5

    de6a17d6e89d790f087c75e8c3fd1470

  • SHA1

    89e9f07116b2cab77e0881498770d9185b3f4afc

  • SHA256

    656983f86603152e5f5706b132f802bd42de5ad68923494c29d8a9e8bd5b730e

  • SHA512

    3bf7b341f7c7f0058b872d5c39f49cfff9d0f4996d80640ef70dee938de939a78f5c41f5b9fb08c0e2accdc98b2a26f033e35c08022b2f5728ab72057a83c9d7

  • SSDEEP

    3072:pxfHaRTE5TJf+jwB2ydTL5cFRu81Y2gK7UMCO05n05ghA/0Oz4ZhzSWlrSgswYCf:pZ6ogjnE8HmMCT0wJZhzAwfjRDT

Targets

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
