General
-
Target
LOADER.exe
-
Size
5.8MB
-
Sample
240606-15djasdh45
-
MD5
1f2e445540db3ca020afa5a46a0d0f2c
-
SHA1
ba950e9a9f0862a0ad63e8c63d25cfcfefab7231
-
SHA256
ef78d9661627a415232a88d549d64a060380d7a68837590b67ed609ba0df95b5
-
SHA512
287c4dd04e84aa9f9a328bfcf54eb19677ee187f731ff80485988d275bc6495ca4db6fce380614639c299a00aa0b68c0fa4382534bc22c378b69e25661d821af
-
SSDEEP
98304:RUEtdFBClamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RhOuAK4do7n:lFIgeN/FJMIDJf0gsAGK4RkuAK4y7n
Behavioral task
behavioral1
Sample
LOADER.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
e�����s.pyc
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
LOADER.exe
-
Size
5.8MB
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
e�����s.pyc
-
Size
857B
-
MD5
784be46c812b46c919351347bca91f89
-
SHA1
bb015b974de59722b2dedae484ea3de26b055626
-
SHA256
0e25fc9c82204917191952c734a8b03b76768bcb42812e8e1e2a19617062334e
-
SHA512
2615e9269bd249c0c9acbd22a074e9ac56a3b964a5a17e2108616e9307727c215764b980e1ae11b230289b3823a51c74042a87d31a65c43a32f2f0a87a9e4620
Score
1/10