General

  • Target

    PanelExecutorV11.exe

  • Size

    21.6MB

  • Sample

    240921-bpxjssydkk

  • MD5

    4dea3fa5b32cef7b60b4f0dbc59bde20

  • SHA1

    3dc17cd3cf0903f3517420e460503bf597cdb4e5

  • SHA256

    55adbaa92fa95917138c7b5131004200a935c081d3dad61962bdafe8ec634a37

  • SHA512

    5cae7bcc74c9d39b78aeeae91cca6ca22c1ec4d04bd00b20e5c250b3624fe6ac5b0effe33357e4d0eb4e7aee63641963b7a90762ce573770a0b3172976f7d66f

  • SSDEEP

    393216:VucfrlJZalcU7npXO9ALGWPZcKHVY0LsomH69LBGYkNk046j7JjX8qJvX:VLz/UfE9ADPyPwrmmLBJGxXJP

Malware Config

Targets

    • Target

      PanelExecutorV11.exe

    • Disables service(s)

    • Renames multiple (155) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

MITRE ATT&CK Enterprise v15
