166f41d1906990f734e196882a0254377673fbbdba6e70bc504c9e2d2653360e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Yspoofer.bat
Size

46KB
Sample

240824-3kmbtawcpe
MD5

d494964a471ed54a777de4147b5ef661
SHA1

413b3f55ebb5cb7193e3468bbbd75778223c3d70
SHA256

166f41d1906990f734e196882a0254377673fbbdba6e70bc504c9e2d2653360e
SHA512

a6b26d55ebcd0cfa51186f64f41ebe3f401460a5c2e21a1a50b3aa7570447085a7555a0274f9a84442235f93c061e86daf232691d0c2f907f933628891a5ace4
SSDEEP

384:h7aPHV8+SMS8Sn16d/s16JijVAJ9OSU5RCn3I3k4L1oPunRz+eV5pK/F23aKVed9:h26KSBL1oP6Rz+Enfdh9YL8oPbT

Score

10^/10

defense_evasion discovery execution upx

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://github.com/Michael05121996/Calculator/raw/main/%E2%9B%A7

Targets

- Target
  
  Yspoofer.bat
- Size
  
  46KB
- MD5
  
  d494964a471ed54a777de4147b5ef661
- SHA1
  
  413b3f55ebb5cb7193e3468bbbd75778223c3d70
- SHA256
  
  166f41d1906990f734e196882a0254377673fbbdba6e70bc504c9e2d2653360e
- SHA512
  
  a6b26d55ebcd0cfa51186f64f41ebe3f401460a5c2e21a1a50b3aa7570447085a7555a0274f9a84442235f93c061e86daf232691d0c2f907f933628891a5ace4
- SSDEEP
  
  384:h7aPHV8+SMS8Sn16d/s16JijVAJ9OSU5RCn3I3k4L1oPunRz+eV5pK/F23aKVed9:h26KSBL1oP6Rz+Enfdh9YL8oPbT
Score

10^/10

discovery execution defense_evasion upx
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Process Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

defense_evasiondiscoveryexecutionupx