General

  • Target

    division.rar

  • Size

    8.2MB

  • Sample

    240624-vknwmswfjr

  • MD5

    2f9ac24a5f7645c94237e74c356aa874

  • SHA1

    dda3cf28090f0edc91685407f85ef78dddeb6a14

  • SHA256

    8b6d1f3c03ff815c45c383dc85a702e37b746b008128a451d305eddfb10e725b

  • SHA512

    a2e2cdef0e1375daa662acd3184ab315db1e9bb42052c41651f862eb9729142e8cec94d3f2903a1032dc8cfcc769d422cb9a27f8ebad8b6fb9e8ffe3f7c2a187

  • SSDEEP

    196608:rfMQQ5fT7UC1tX/YzQisiAaeSxMI7z4zCPT+TcK26kIDNDwSUsb0:rEQQJf31tvYcdNaek7z4q/FI5MA0

Targets

    • Target

      division.exe

    • Size

      25.0MB

    • MD5

      cc33d3f6de844b7309347135d35f2da2

    • SHA1

      d4279b0aac11e41fde9f1045677319e71ce98bb7

    • SHA256

      646c588c9d4eb6d228681fee6847a135bdc2a03f3b13b6c6950e7e2a47b1b176

    • SHA512

      10c3bba0e9a4bbd79ab4a446bead8363c9d48d238006aa9a5673160d950caa52c5f1e3d7516a998b5fa67551b4d8136d1b444834616f6c413ec5cbe4e1a14c2c

    • SSDEEP

      196608:aP/QNlwuL9SurErvI9pWjgN3ZdahF0pbH1AuX/O2qNCtQsNI/SXxhU:lWnurEUWjqeWx5N/6nExhU

    Score
    10/10
    • Deletes Windows Defender Definitions

      Uses the MpCmdRun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
