General
Target: feather.zip
Size: 81.1MB
Sample: 240611-ws29nswcqg
MD5: f2d059f5834543d166e650590f9fe573
SHA1: 006832be8a6184d26198ddea6f32e93927853889
SHA256: a8d738c7427f3a81c50449a91fca1a4c6f801b0193ce12a2dd2d418e553b4730
SHA512: d532129a63e6816cca5d79047d633ca7f7207fd1e3c0fae01134d10e7848ca77446c382eb68d4e2c7497eacda149a982edc94a7cf981e90391303e7d830f4ccf
SSDEEP: 1572864:VWypficxVUIm5CT+ds+fGROO8LopVFOJEE7S/0dikpEwIaBEPUHeo:VW2KmU1i+iRXU57qeikEFMHeo
Static task: static1
Behavioral task: behavioral1
Sample: feather.exe
Resource: win11-20240426-en
Malware Config
Targets
Target: feather.exe
Size: 81.1MB
MD5: 4ffa727c03dbcf8a73fd839c8773749c
SHA1: 31a6375fc4f2ff53287d9240696a576c28f15c30
SHA256: a4c5f72184b8bb06b6202074d1c81469ea56f74dace70d09fb5c798f85d8b700
SHA512: 92cc6080b3a94ce7266e124fa885735ef4a12e21cb2320abb349bf67398539edff38ed8af8963d0e643fe6b2acd303951341a6eadbeeb256b15df8c1ae9b77d0
SSDEEP: 1572864:U4gPXMoXxnYytwXaLyC6k9sEOQZgD3nWDUENqJQRaCluoWUDwhCXkF7:U4AcKn5saZ9s5kRNqQaCKTQXkF7
Score: 8/10
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Disables Task Manager via registry modification
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1)