General

  • Target

    Black Worm Generator v3.5.exe

  • Size

    56.5MB

  • Sample

    240521-tvvaqsbe92

  • MD5

    f6a1ce8285cb532467fe1b1c6a1bbc8c

  • SHA1

    94a29ce6b45d60266cbb356841f1917ef972764b

  • SHA256

    6e785b074434cc4962019d4c2435199a72ec2f8c17f6b1375fcacbc4d7ce22fd

  • SHA512

    5fb7820e5f095fa993209e7cea72562aafc1b31e31dfc4f3f9b3518b76aa52295104d39613742f7e9dfd0572ff90b1fe6490296b19dcf5c31fde512a92711173

  • SSDEEP

    1572864:oWIK4eCj96srs6RZXQ/pVuc7plcZZhQNEhCWdLDzRCVtQ:mK4eCYJCI3BplcZZUO1dLj

Targets

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Creates new service(s)

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Stops running service(s)

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2
