General

  • Target

    ceffe7153fd06bfb0562cecefb8e4a35128db323448d443f26455cef50464214

  • Size

    155KB

  • Sample

    241120-ej17kszpfw

  • MD5

    99db13005ecc1706ad48b38e15a875d5

  • SHA1

    6bef28b2572690f1ea9ff7e11d100524c458b085

  • SHA256

    ceffe7153fd06bfb0562cecefb8e4a35128db323448d443f26455cef50464214

  • SHA512

    9b74cee819c8d96e441bae1ecec5a04281ea3e706e188e3491ea9cfd544f73a348ab6cd729395880577ccd403877be81387e183c180fc1c8b6c594da24922b78

  • SSDEEP

    3072:Q79l86WqGzIfjZIVPXwu7xXIeout9nr7Xh1aQC:QrzW/zeZiPpOeoS9/Xh0QC
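Before trusting a report's verdict for a file you hold, confirm you actually have the same bytes. The following is an added example (not part of the original report or of the sandbox's own tooling) that computes the four digests listed above in one pass over a chunked stream and compares them with the reported values; the `REPORTED_DIGESTS` table is copied from this page, and everything else (function names, the chunk size) is my own choice.

```python
import hashlib
import sys
from typing import Dict, Iterable

# Digests copied from the report above for this sample.
REPORTED_DIGESTS: Dict[str, str] = {
    "md5": "99db13005ecc1706ad48b38e15a875d5",
    "sha1": "6bef28b2572690f1ea9ff7e11d100524c458b085",
    "sha256": "ceffe7153fd06bfb0562cecefb8e4a35128db323448d443f26455cef50464214",
    "sha512": (
        "9b74cee819c8d96e441bae1ecec5a04281ea3e706e188e3491ea9cfd544f73a3"
        "48ab6cd729395880577ccd403877be81387e183c180fc1c8b6c594da24922b78"
    ),
}


def digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so a large file is read only once."""
    hashers = {name: hashlib.new(name) for name in REPORTED_DIGESTS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file on disk in 1 MiB chunks (chunk size is an arbitrary choice)."""
    with open(path, "rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk_size), b""))


def compare_with_report(actual: Dict[str, str],
                        reported: Dict[str, str] = REPORTED_DIGESTS) -> Dict[str, bool]:
    """Per-algorithm verdict; compared case-insensitively because reports differ in hex casing."""
    return {name: actual.get(name, "").lower() == value.lower()
            for name, value in reported.items()}


def is_reported_sample(actual: Dict[str, str],
                       reported: Dict[str, str] = REPORTED_DIGESTS) -> bool:
    """Decide on SHA-256 alone: MD5 and SHA-1 are collision-prone and only corroborate.

    A SHA-256 match with an MD5/SHA-1 mismatch points at a transcription error
    in the report, not at a different file, so it is worth surfacing separately.
    """
    return compare_with_report(actual, reported)["sha256"]


if __name__ == "__main__":
    # Usage: python verify_hashes.py <path-to-sample>
    if len(sys.argv) == 2:
        actual = digest_file(sys.argv[1])
        for name, ok in compare_with_report(actual).items():
            print(f"{name:6s} {'match' if ok else 'MISMATCH'}  {actual[name]}")
        print("same sample as report:", is_reported_sample(actual))
```

Run it against the file you received; if SHA-256 matches but the size is not 155KB, or MD5/SHA-1 disagree, the discrepancy is in the report rather than in the file, and you should note that before reusing these indicators.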

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.
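The signature above fires on UPX artefacts; to reproduce that check on a sample yourself, the following added example (my own code, not the sandbox's signature or any UPX tooling) walks the PE section table and looks for the two cheap indicators a stock UPX build leaves behind, `UPX0`/`UPX1` section names and the `UPX!` magic in the packer header, plus whole-file Shannon entropy as a fallback for modified packers that rename sections and scrub the magic. `build_fake_pe` constructs a minimal header-only PE for testing; it is not derived from this sample.

```python
import math
import struct
from typing import Dict, List

COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def pe_section_names(data: bytes) -> List[str]:
    """Return the section names of a PE image, or [] when the headers do not parse."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 + COFF_HEADER_SIZE > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)      # SizeOfOptionalHeader
    table = coff + COFF_HEADER_SIZE + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            break  # truncated section table: stop rather than read past the buffer
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed/encrypted bodies sit near 8.0, plain code well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> Dict[str, object]:
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,
        "entropy": shannon_entropy(data),
    }


def looks_upx_packed(data: bytes, entropy_threshold: float = 7.0) -> bool:
    """True on a stock UPX artefact or, failing that, on a high-entropy body.

    The threshold is an assumption; stock UPX artefacts are the strong signal.
    A modified UPX with renamed sections and no magic only trips the entropy test.
    """
    ind = upx_indicators(data)
    if ind["upx_sections"] or ind["upx_magic"]:
        return True
    return ind["entropy"] >= entropy_threshold


def build_fake_pe(section_names: List[str], body: bytes = b"") -> bytes:
    """Constructed header-only PE (DOS stub + COFF header + section table) for tests."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew points just past the DOS header
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader=0, Characteristics=EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections + body


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print(upx_indicators(blob), "packed:", looks_upx_packed(blob))
```

Treat the entropy fallback as a hint only: a large compressed resource or an embedded certificate also pushes whole-file entropy up, so confirm with a per-section measurement or by attempting `upx -d` before calling a sample packed.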

MITRE ATT&CK Enterprise v15

Tasks