General

  • Target: Method.zip
  • Size: 7.6MB
  • Sample: 240527-nkdbksaf95
  • MD5: 45456d125467c03ad9380ce5efb031ea
  • SHA1: 822e06145dbbd718e67d2f89235fd02f391a25fc
  • SHA256: bea1b6be9e1fd334be3e6eb92a4aae32bc9ba3109640875692e763fdb3a3ca7a
  • SHA512: d6db2816640d3c597c07d2c0cfe1ed52f2d74ebd84a1fc500523b8903ca2a8487aea73d5ec8c95fab45b210643486f74b5a5884580b910c856d8be9165374e14
  • SSDEEP: 98304:0gAtdzo5hfBgiLAd2qwcp7Qu9tZfK/JvxsmzllQ9NzlETRUgBoprDuW5Fly3FPJ9:Gy2imp7V9tZ+DvzlSNhuLMuW5clrzuw

Targets

    • Target: Method/MethodReveal.exe
    • Size: 7.7MB
    • MD5: f0fdcba521fda1be3007670423954249
    • SHA1: d42ae34e8d15a5759b1444d37d3eac510a0cde4d
    • SHA256: 6bd45a7022878713fc90229c9670a0de5d3fb1addc623acab8f57b94e3fe16ad
    • SHA512: 78e4400c9b0cde9f0415a4f6018a781586381b55b5650842d7754309f4ec7132a0bcc002c7bda7b4cae4f688a04d0441b12253957e840af2f2774e117100cbfc
    • SSDEEP: 98304:iRgzHqdVfB2T0S27wYpFyuT/9vUIdD9C+z3zO917vOTh+ezDNhCSpXq4JvmJ1nm8:i2QsTqpFbT/9bvLz3S1bA3zCSEpn97YI

    Score: 10/10

    • Deletes Windows Defender Definitions
      Uses the mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • UPX packed file
      Detects executables packed with the UPX or a modified UPX open-source packer.

MITRE ATT&CK Enterprise v15