General

  • Target

    v1.20.exe

  • Size

    8.2MB

  • Sample

    240527-s5q6dshc2t

  • MD5

    31ef3a42885eea2d9d90cb13e6d5f481

  • SHA1

    8fe00d94529326b8593cf99a04325253cb5622c9

  • SHA256

    101dbbfe0dccd7717668e20525ff73f4372db0f686c2638a964bd2decfee450c

  • SHA512

    193c32bca0dfd9aecd43b4962450047d44fc0fac1b3ebeb599f30ff2eed845cc02244872db1c075bd3424f544e78a7978ab56fa71a4f1802a4f4b1d954e98ca8

  • SSDEEP

    196608:qrL0A9VsurErvI9pWjgfPvzm6gs/SEjEB4AuG:t4WurEUWjC3zDAa84AuG

Targets

    • Target

      v1.20.exe

    Score
    10/10
    • Deletes Windows Defender Definitions

      Uses the MpCmdRun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Target

      ���^���.pyc

    • Size

      1KB

    • MD5

      7b2ebb0e80b3c26da1a415a9af54e974

    • SHA1

      3f2c1aa2b3841cd11319a6109eb30e46c3711a4e

    • SHA256

      54bfd7f9b977f9fbdac8cb3eefd0468b316711cb0791540f073821b3061e4c0b

    • SHA512

      acf64733b9948b78be2fe888607f90635ce10e566a08639533c14fe52df4530529922b9fd5ab11b75d7d5ce36c36695c9968d667175056cb50dfc442431c9f52

    Score
    1/10
