Overview

overview

8

Static

static

3

HIGH DAMAGE.exe

windows7-x64

8

HIGH DAMAGE.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HIGH DAMAGE.exe

  • Size

    13.8MB

  • Sample

    230204-w3ew5ahd6x

  • MD5

    ac57f71e120e2d8f28972914dccdbe11

  • SHA1

    fd4b154b11ab09f9c89deaddcd3383f2c472edc0

  • SHA256

    1a3bd1e33de6d8ff3d9441d49f463f63afb02c6940513ed390440e89006c6813

  • SHA512

    3c4c819e1a0990034e9cc8c177dcdb470956277da7681fe515c99bcaac55e8af4dffbe92c56647c91d15e76bafabd84810818d7601a5779116ea908d93c9ce59

  • SSDEEP

    196608:bSXZAlqpb7KX/x1HhyehNJm3AqdKDnO8NpkSgsAGKaR2ehmytu9mEyDk3e3yRpT:IZAlqYXJBb/m3pgDOEkSgsvpuQrkuAp

Score
8/10
persistencepyinstallerupx

Malware Config

Targets

    • Target

      HIGH DAMAGE.exe

    • Size

      13.8MB

    • MD5

      ac57f71e120e2d8f28972914dccdbe11

    • SHA1

      fd4b154b11ab09f9c89deaddcd3383f2c472edc0

    • SHA256

      1a3bd1e33de6d8ff3d9441d49f463f63afb02c6940513ed390440e89006c6813

    • SHA512

      3c4c819e1a0990034e9cc8c177dcdb470956277da7681fe515c99bcaac55e8af4dffbe92c56647c91d15e76bafabd84810818d7601a5779116ea908d93c9ce59

    • SSDEEP

      196608:bSXZAlqpb7KX/x1HhyehNJm3AqdKDnO8NpkSgsAGKaR2ehmytu9mEyDk3e3yRpT:IZAlqYXJBb/m3pgDOEkSgsvpuQrkuAp

    Score
    8/10
    persistenceupx

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks