Overview

overview

7

Static

static

7

rufus-4.4.exe

windows10-1703-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rufus-4.4.exe

  • Size

    1.4MB

  • Sample

    240204-xhax4saedn

  • MD5

    7a4662bb7f331d2252f3d949657d821d

  • SHA1

    ad53fddfbcead7b3e6c322c0aad8c4a826bd4967

  • SHA256

    42cdb16f6dd64c4fec30c7a71960fe4d0015862c37e7b02c8dba5c0d68384c74

  • SHA512

    a1d111fc91cd470d36bd4640884b3550c6a4035e8c5bc5176dc9f67aa2ef8be6fc12956d0b351c272d8bb89646546dac868b32d1d1985dee86ffb6e971b14f3f

  • SSDEEP

    24576:wOyBSB04yZT5Z6iqUbVEMs6MrhXlPrBnr/TwcEgzXIdVWLpuL94q:XgZT5ZSU1fUhXhrBnbTbaAIt

Score
7/10
evasionpyinstallertrojanupx

Malware Config

Targets

    • Target

      rufus-4.4.exe

    • Size

      1.4MB

    • MD5

      7a4662bb7f331d2252f3d949657d821d

    • SHA1

      ad53fddfbcead7b3e6c322c0aad8c4a826bd4967

    • SHA256

      42cdb16f6dd64c4fec30c7a71960fe4d0015862c37e7b02c8dba5c0d68384c74

    • SHA512

      a1d111fc91cd470d36bd4640884b3550c6a4035e8c5bc5176dc9f67aa2ef8be6fc12956d0b351c272d8bb89646546dac868b32d1d1985dee86ffb6e971b14f3f

    • SSDEEP

      24576:wOyBSB04yZT5Z6iqUbVEMs6MrhXlPrBnr/TwcEgzXIdVWLpuL94q:XgZT5ZSU1fUhXhrBnbTbaAIt

    Score
    7/10
    evasionpyinstallertrojanupx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks whether UAC is enabled

      evasiontrojan

    • Downloads MZ/PE file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks