General

  • Target

    2024-04-26_2696a373b015b79ec0ba62077a4cabe6_elex_lightbolt_mafia_skypams

  • Size

    16.8MB

  • Sample

    240426-3p5zqaee36

  • MD5

    2696a373b015b79ec0ba62077a4cabe6

  • SHA1

    34d8eb5774b3d3af8be8e1c1e7e353aff78967ef

  • SHA256

    394ad860cbc9d532803049e2c72abf62ddc613d681c0440b156291c6b5c4e6b5

  • SHA512

    9aaa7cc100d721dde2b137a81efdfbde69faf6df384922e31ad2b526495dd16cb5ce57a9f930b363432e02e76b0b6f41945d298722e6923a7bcde0a67c927cf2

  • SSDEEP

    196608:sKx4vtup77rruuPwJrEvB8H42LYy/19kjJITyOy/19J:sKx4vFu4rE58H48LbeVL

Score
10/10

Malware Config

Targets

    Score
    9/10

    • Detects executables containing URLs to raw contents of a Github gist

    • Detects executables containing possible sandbox analysis VM usernames

    • Detects executables packed with ConfuserEx Custom; outside of GIT

    • Detects executables packed with or use KoiVM

    • Detects executables referencing many IR and analysis tools

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v13

Tasks