Resubmissions

  • 13/07/2024, 13:28
    240713-qqtxmavcla 10

  • 13/07/2024, 13:08
    240713-qdcgtasamn 10

General

  • Target

    Start Executor.bat

  • Size

    551B

  • Sample

    240713-qqtxmavcla

  • MD5

    fe821790779e191b514f7d90b381d191

  • SHA1

    03be2cfc52ec390a30209c33f7ea3a42589a0785

  • SHA256

    6afbbef338a695004853bb806f146efdd2d216a1fa58cb34fd10509495b4415b

  • SHA512

    425cdb0bd257a71a952293c77984635484dd30a6fc8c9f287100a99016ffc51a884442595eb6eed102fcbceebb6b01f609ba45f5fb2535a3156a8eef04ab50aa

Score
10/10

Malware Config

Extracted

  • Language
    ps1

  • Deobfuscated

  • URLs
    exe.dropper: https://github.com/vlyian/scorpix/releases/download/vypix/Scorpix-ExecutorV3.exe

Extracted

  • Language
    ps1

  • Deobfuscated

  • URLs
    exe.dropper: https://github.com/vlyian/scorpixe/releases/download/vypix/ScorpixDLL.exe

Targets

    • Target

      Start Executor.bat

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks