General

  • Target

    python.exe

  • Size

    7.7MB

  • Sample

    240623-wen5wssanq

  • MD5

    ed3f68efe0d560123bb3b2aa952802a5

  • SHA1

    571db61ef4390ee691039933bb3fac10ff3cbe30

  • SHA256

    b72ab7fe4ca887cacf16707b292f69012136ed3d9bfb750be96e0fe82741679f

  • SHA512

    5611bbb54703f7a80660a19e8d8236db6ae48fc19c5c018ca935ab884b4e1c25fb80c12eb35aa7a2ee8720f24580b1258759fe6cc39372607f5c157eb9254bf5

  • SSDEEP

    196608:hrtg0YC6eNTfm/pf+xk4dfrl7RGtrbWOjgWyp:6ey/pWu4NpRGtrbvMWyp

Targets

    • Target

      python.exe

    • Score

      8/10

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
