General

  • Target

    nullbulge_async)17946580238.zip

  • Size

    6.9MB

  • Sample

    240627-e2zrgavenq

  • MD5

    b6ff8d5d2346a91cd62d215e25a934de

  • SHA1

    37f552c737fd194e2f4e54f2ca0be8df46fe8e7f

  • SHA256

    f53a8080a768a595fe67e88e0a2a18d2d8af82cfe175bcf07bfc02e98b4a0da9

  • SHA512

    ae67e9a0b77c41ad905bc0c81b24d7fa07566da40d844dd009de03ca5f07310baabb320984bada5516b0878d50c91a2fa6cb52dc8d59c16e2703c5b2362ec3b5

  • SSDEEP

    196608:8P22ABI9f6bjtNMfRN8tx08vYUOf8cDOQajJUoLh:8P22pijMpmtKxlf8GOQCUoLh

Targets

    • Target

      47067e90fc480f76baf40c751ea5577268520fb00fa7ca60bc3460c7907aeafa

    • Size

      7.1MB

    • MD5

      64978fa034266b3ed2691d986f3af2ef

    • SHA1

      0cd5dc12bca41f6667547aa10b9cf1d989ba30a0

    • SHA256

      47067e90fc480f76baf40c751ea5577268520fb00fa7ca60bc3460c7907aeafa

    • SHA512

      58d10809bf335b75feaa6bce5d0974e77ec8f19da15224243e5ac3e9ebf7c76f53c830b744632b3690fa46952f1da844552c852d1d408eb5f991d7d092edae9c

    • SSDEEP

      196608:rU4QFdQmRJ8dA6lXCy1ArqkVpKCX+PrF4ZDEu6egh4:o4GdQuslXrAZYCuPJODJ6eg

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
