General

  • Target

    Feather_2.zip

  • Size

    7.2MB

  • Sample

    240602-1j91dafh8t

  • MD5

    80a25bcd6c8d5b27e497cdbe36f2799b

  • SHA1

    8f0f45a96a1c9778d7f30e9047d1c73fc71d985c

  • SHA256

    222c53651a1c0d986b9b8387e4dc38c2b72bc41665728b22c5cea55d1ff4c01c

  • SHA512

    503e99bf0b9876538b70d57353b2b5afa77ef58c6ef873e7d269cbd9e00b6b60efe6cc89238f113ccf111697a2b6114b35aefcc5ea3ba69ad60ed2cd8e0b38c5

  • SSDEEP

    196608:V6LoohqUheKyIcGp5+Enfjt50bErf97Gl:V6LoGqUhEIcGLJnfjtCEhGl

Malware Config

Targets

    • Target

      Feather (2).exe

    • Size

      7.3MB

    • MD5

      28cae84724826530a57c22c14ad8522b

    • SHA1

      5767ec1d30f35c0e27d0723dc128ead7e953bca1

    • SHA256

      b21750e00aa3a8b2c29537acd0eae11438d6ebf5cde5434a6ad5b9d2e9eef7e1

    • SHA512

      8a8ccd351d82492f12c851654db4356d1d4a22258cbe1aa20bcf9c9c87cf572fa4cc04dc36ccdbdf4ccefdbb510b4e68749b36ea770ddda74e371cee217b94f4

    • SSDEEP

      196608:/rWAYS6ZOshoKMuIkhVastRL5Di3uh1D7J7:FYSaOshouIkPftRL54YRJ7

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      9�5)m.pyc

    • Size

      1KB

    • MD5

      19fc96e0cb5610953d2dccab6e061340

    • SHA1

      154929dbb6d7a49842e304e554972fe45299ead0

    • SHA256

      c346e706e1ce40a6df77764fc5ab97c81bc0bbd3299f3f20b196f4306466c75b

    • SHA512

      951d51b03d269c58d0afbe1b59023f29be2ae3ea515e7ac8941d81462ffecd31b65626e7bfe39d1e74e906f783578e27666b7521a68956a687e4dd19e4e75fd3

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks