General

  • Target

    riphook (2).exe

  • Size

    7.4MB

  • Sample

    240530-mxw4saeg3s

  • MD5

    6e082c9d8258bb23108a6349d2d123e4

  • SHA1

    f5d8fc4974f1eda4684f5fca26573d13bccd7529

  • SHA256

    430fab6f59a932ebf6fa93266d2c90c43d8dd6bc2fc9d2939b16320cca1ae3fa

  • SHA512

    cc22f875a13b8a05ca44645a2db9d25af08b340bfffd46952b2a365dcd0081783ba63290f40c9386fcb7b3a98afe7ee2d2c8ead46c9fabfe2ccbd8d371288953

  • SSDEEP

    196608:7rXnYS6FLOshoKMuIkhVastRL5Di3uh1D7Js:XYSMLOshouIkPftRL54YRJs

Malware Config

Targets

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks