General
-
Target
GRADIENTLOADER.zip
-
Size
57.4MB
-
Sample
240824-whgj8ascrd
-
MD5
f02ed71ab2c31d4e53327c626ec978b1
-
SHA1
6446c506c56deb6e4cc60ea21abb1cbf24648420
-
SHA256
8c030073c10ea9058edfb91eb8d8b60ed10a8844690a8321b8f65ab56951d268
-
SHA512
e62c14cf8cbeb0a364da28b430e261a0ff5841847f709be9e2600d2caee4c0ec1ad91ddc85e99769ab59f116b940c6bc00af3229bb146ca6c297d784b2acd6e0
-
SSDEEP
1572864:WBH3D5KU2J9pC2pZW3LX7wdu+avx9slHgfffuz:WBHduxZmX7sBlH4fe
Malware Config
Targets
-
-
Target
1ST.exe
-
Size
447KB
-
MD5
58008524a6473bdf86c1040a9a9e39c3
-
SHA1
cb704d2e8df80fd3500a5b817966dc262d80ddb8
-
SHA256
1ef6c1a4dfdc39b63bfe650ca81ab89510de6c0d3d7c608ac5be80033e559326
-
SHA512
8cf492584303523bf6cdfeb6b1b779ee44471c91e759ce32fd4849547b6245d4ed86af5b38d1c6979729a77f312ba91c48207a332ae1589a6e25de67ffb96c31
-
SSDEEP
6144:Vzv+kSn74iCmfianQGDM3OXTWRDy9GYQDUmJFXIXHrsUBnBTF8JJCYrYNsQJzfgu:Vzcn7EanlQiWtYhmJFSwUBLcQZfgiD
Score7/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
-
-
Target
GRADIENTLOADER.exe
-
Size
77.3MB
-
MD5
033068e1bd57cbc0c3643875c82c03eb
-
SHA1
7c7a25f00bacb09677781098e9c7818972599cc5
-
SHA256
cadf54b2cb4ac1ee63f3b1908385c1ad43e1a713e724f81b5ecd5b6c31bd235f
-
SHA512
586009d992246194d36e396cfecafcec94c741c714669a2ed28d5ca029ab31efc7b6aa9684da551b9a9df582072d77aae09ab2245c0f86ea941194ef2adfdd52
-
SSDEEP
1572864:gxB7vFQqMrlpA+Ql4VddvIe6MqQZ19Wb04xhMk:gxBJyklAdvNF/9e0eh
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops startup file
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Hide Artifacts: Hidden Files and Directories
-