General

  • Target

    ebbc43edf2692bc7d070d8ea43811263e0d5826203a8dffd531ab63ed2edcb9d

  • Size

    102KB

  • Sample

    241120-fzbgja1qg1

  • MD5

    1bfab6bb3c073b2840dc554814bd1787

  • SHA1

    a547d4f8b1ac8194f9fd5d3fdc638704619c58d9

  • SHA256

    ebbc43edf2692bc7d070d8ea43811263e0d5826203a8dffd531ab63ed2edcb9d

  • SHA512

    a1dbeb60d3a3a18ae2c3dbf2396c8fbc224d1972243e1c177e2298bdc20dc538842e11beabbe6ea0d030f645a82f3c90e257079ff818e60989f02fbdbbb19e3f

  • SSDEEP

    3072:xFphTfm1UC7AdYzrV+Dljy/32ubwZZqJ7:FhTfmuCkdYzrVolu/J0ZZU

Malware Config

Targets

    • Target

      ebbc43edf2692bc7d070d8ea43811263e0d5826203a8dffd531ab63ed2edcb9d

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks