Overview

overview

10

Static

static

10

Tempest.exe

windows7-x64

7

Tempest.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Tempest.exe

  • Size

    75.9MB

  • Sample

    240807-vjypfsvale

  • MD5

    ebfaa1d9949c75252082ef900171cc88

  • SHA1

    52335d715d19512ea5dd7cf3d0cf08275e8c71ec

  • SHA256

    39c4ef7fdd4f1fe9e538ebe85d86cc5b21008226d6d61979bc251ceae80fd87a

  • SHA512

    06b2b71c4d34e27d301fae208d12471a92f0689955630ca8371d0838505e654df7ac8d80b6fb045e5c4bd3b44c72b83c1617d43f1e63cf47b7fb567a0cf8afa0

  • SSDEEP

    1572864:T2vHcRlqGSk8IpG7V+VPhqWdfWE7wFltFziYweyJulZUdgAdW4ppuBa/Z9UN/:ivHcRxSkB05awqfG3CpukdRG89U

Score
10/10
pysilonevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      Tempest.exe

    • Size

      75.9MB

    • MD5

      ebfaa1d9949c75252082ef900171cc88

    • SHA1

      52335d715d19512ea5dd7cf3d0cf08275e8c71ec

    • SHA256

      39c4ef7fdd4f1fe9e538ebe85d86cc5b21008226d6d61979bc251ceae80fd87a

    • SHA512

      06b2b71c4d34e27d301fae208d12471a92f0689955630ca8371d0838505e654df7ac8d80b6fb045e5c4bd3b44c72b83c1617d43f1e63cf47b7fb567a0cf8afa0

    • SSDEEP

      1572864:T2vHcRlqGSk8IpG7V+VPhqWdfWE7wFltFziYweyJulZUdgAdW4ppuBa/Z9UN/:ivHcRxSkB05awqfG3CpukdRG89U

    Score
    9/10
    upxevasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks