General

  • Target

    97c78b9c98a3f73a34c90888fbff2bed224aacea28693a46d44f315a4dbe466f.exe

  • Size

    47KB

  • Sample

    241126-atjcas1mhq

  • MD5

    e118afe97f3a6731d8205ab86971ac52

  • SHA1

    d7fd7635009396014c500965bb24cba5f1c09d51

  • SHA256

    97c78b9c98a3f73a34c90888fbff2bed224aacea28693a46d44f315a4dbe466f

  • SHA512

    259c3014ea27d51d46015c906841cd7f6fef0dae3e6c2102460784f69faef1b82041780384daa1e43800ec0a0df8895b1666a045f3f1cd61ed08010b0bc332d3

  • SSDEEP

    768:hX0gWvCzuw6Uj9uGi45XOPxV5HNWnnnl000e999vddddIyyyOOtttb22220:6vCzuw6UD9Az5HNWnnn6222220

Targets

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
