General

  • Target

    GeForce_DriverUpdate.exe

  • Size

    8.1MB

  • Sample

    240123-ce66xseghp

  • MD5

    efba3ded069d8cfc356c5f45a019b155

  • SHA1

    1ce8caa9bd706526870b2050f969ab65e0acbb15

  • SHA256

    b6327db9fdf169fb09fa72e24a8f1a893234d53d3bb27cd98969347e9046dab6

  • SHA512

    1732e7d48ef82dff7191b9493c00dfd580e575b5c92b3b23806dbb0f14e5688564cd2a70e49494ccc32210d7bad4b4abbd23a564de6ba97bf10d9dfd28afffb9

  • SSDEEP

    196608:lNyEzR6WLjv+bhqNVoB8Ck5c7GpNlpq41J2ySEnbk9qtlDfJ1:aRqL+9qz88Ck+7q3p91JmBqfL

Malware Config

Targets

    • Target

      GeForce_DriverUpdate.exe

    • Size

      8.1MB

    • MD5

      efba3ded069d8cfc356c5f45a019b155

    • SHA1

      1ce8caa9bd706526870b2050f969ab65e0acbb15

    • SHA256

      b6327db9fdf169fb09fa72e24a8f1a893234d53d3bb27cd98969347e9046dab6

    • SHA512

      1732e7d48ef82dff7191b9493c00dfd580e575b5c92b3b23806dbb0f14e5688564cd2a70e49494ccc32210d7bad4b4abbd23a564de6ba97bf10d9dfd28afffb9

    • SSDEEP

      196608:lNyEzR6WLjv+bhqNVoB8Ck5c7GpNlpq41J2ySEnbk9qtlDfJ1:aRqL+9qz88Ck+7q3p91JmBqfL

    Score
    10/10
    • Deletes Windows Defender Definitions

      Invokes the Windows Defender command-line utility MpCmdRun.exe to delete all AV definitions (the documented switch for this is -RemoveDefinitions -All), leaving the host without signatures until they are re-downloaded.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (section names and markers may be altered in the latter).

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
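
    The three host-observable behaviours above (Defender definition removal, loading a dropped DLL, external IP lookup) map directly onto detection logic over Sysmon-style telemetry. The following is an added example, not part of the Triage report or the sample's own code: it runs a small set of rules over constructed events (the event fields, the IP-lookup watchlist, and the paths are all assumptions for the demo, not observations from this sample).

```python
"""Detection rules for three behaviours from the report, run over constructed
Sysmon-style events. Added example; the events below are made up, not logs
captured from this sample."""
from dataclasses import dataclass

# Assumed watchlist of public IP-lookup services; extend to match your environment.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "icanhazip.com", "ipinfo.io",
                   "checkip.amazonaws.com"}


@dataclass
class Event:
    """Subset of Sysmon fields: 1 = process create, 11 = file create,
    7 = image load, 22 = DNS query."""
    event_id: int
    image: str = ""
    command_line: str = ""
    target_filename: str = ""
    image_loaded: str = ""
    query_name: str = ""


def detect(events):
    """Return (rule, evidence) pairs. Events must be in chronological order so
    a DLL write (event 11) can be correlated with a later load of that path (event 7)."""
    dropped = set()  # lowercased paths written by any process so far
    hits = []
    for e in events:
        if e.event_id == 1:
            cmd = e.command_line.lower()
            # MpCmdRun.exe -RemoveDefinitions [-All|-DynamicSignatures|-Engine] is the
            # documented way to wipe Defender signatures; humans almost never run it.
            if "mpcmdrun" in cmd and "-removedefinitions" in cmd:
                hits.append(("deletes_defender_definitions", e.command_line))
        elif e.event_id == 11:
            dropped.add(e.target_filename.lower())
        elif e.event_id == 7:
            # "Loads dropped DLL": the loaded image is a file we saw being created earlier.
            if e.image_loaded.lower() in dropped:
                hits.append(("loads_dropped_dll", e.image_loaded))
        elif e.event_id == 22:
            if e.query_name.lower().rstrip(".") in IP_LOOKUP_HOSTS:
                hits.append(("external_ip_lookup", f"{e.image} -> {e.query_name}"))
    return hits


# Constructed telemetry; the sample path is an assumption, only the filename is from the report.
SAMPLE = r"C:\Users\user\Desktop\GeForce_DriverUpdate.exe"
TEMP_DLL = r"C:\Users\user\AppData\Local\Temp\libcurl.dll"
SAMPLE_EVENTS = [
    Event(1, image=r"C:\Program Files\Windows Defender\MpCmdRun.exe",
          command_line=r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All'),
    Event(1, image=r"C:\Windows\System32\svchost.exe", command_line="svchost.exe -k netsvcs"),
    Event(11, image=SAMPLE, target_filename=TEMP_DLL),
    Event(22, image=SAMPLE, query_name="api.ipify.org"),
    Event(22, image=r"C:\Windows\System32\svchost.exe", query_name="update.microsoft.com"),
    Event(7, image=SAMPLE, image_loaded=TEMP_DLL),
    Event(7, image=SAMPLE, image_loaded=r"C:\Windows\System32\kernel32.dll"),
]

if __name__ == "__main__":
    for rule, evidence in detect(SAMPLE_EVENTS):
        print(f"{rule:32} {evidence}")
```

    The dropped-DLL rule deliberately keys on the write-then-load sequence rather than on a "suspicious directory" heuristic, which is closer to what the sandbox signature means and avoids flagging legitimate installers that load from %TEMP% without having written the file themselves. The MpCmdRun match is case-insensitive and ignores the option after -RemoveDefinitions, so the -DynamicSignatures and -Engine variants are caught too.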

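    Two static checks a practitioner wants when reading a report like this: whether a file in hand is this sample (compare against the MD5/SHA1/SHA256 listed under General) and whether it carries the UPX section names the "UPX packed file" signature refers to. The following is an added example, not code from Triage or the sample: the hashes are copied from the report, while the PE walker, the section-name list and the header-only demo PE are this example's own constructions.

```python
"""Static triage helper: hash a file against the report IOCs and check for UPX
section names. Added example; the demo PE built below is a constructed,
header-only blob, not the sample."""
import hashlib
import struct

# Hashes copied from the General section of the report.
REPORT_HASHES = {
    "md5": "efba3ded069d8cfc356c5f45a019b155",
    "sha1": "1ce8caa9bd706526870b2050f969ab65e0acbb15",
    "sha256": "b6327db9fdf169fb09fa72e24a8f1a893234d53d3bb27cd98969347e9046dab6",
}

# Section names written by stock UPX; a modified UPX may rename them (see caveat below).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def hash_file_bytes(data):
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data):
    """True if any of the three hashes matches; checking all three tolerates a typo in one IOC."""
    h = hash_file_bytes(data)
    return any(h[k] == v for k, v in REPORT_HASHES.items())


def pe_section_names(data):
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table and
    return the raw 8-byte section names. Raises ValueError on a non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40                                  # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def looks_upx_packed(data):
    return any(n in UPX_SECTION_NAMES for n in pe_section_names(data))


def build_demo_pe(section_names):
    """Construct a minimal header-only PE (parses, but is not loadable) with the given sections."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew right after the DOS header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader (0 for the demo), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


PACKED_DEMO = build_demo_pe([b"UPX0", b"UPX1", b".rsrc"])
CLEAN_DEMO = build_demo_pe([b".text", b".data", b".rsrc"])

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read()
    print(hash_file_bytes(blob))
    print("matches report:", matches_report(blob), "| UPX sections:", looks_upx_packed(blob))
```

    Caveat: the section-name test only catches stock UPX. The signature above also covers modified UPX builds, which routinely rename UPX0/UPX1 and strip the "UPX!" marker, so treat a negative result as "no stock UPX markers", not "not packed"; a high-entropy first section with a small raw size and a large virtual size is the next thing to look at.
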
MITRE ATT&CK Enterprise v15

Tasks