General

  • Target

    akame (1).exe

  • Size

    8.1MB

  • Sample

    240925-r1nc9stgqd

  • MD5

    e91b9515d27171ceddae5d1568469692

  • SHA1

    397e41ce8829129686f0398c32903cc624ce9d4d

  • SHA256

    336116651d657263fbeca5e3f2fe2116a93e1b83bf37cd5b230bfa999195a929

  • SHA512

    ba8d5cb2daa2ab170d815d8a207dd19102b4da2d94a36cf6b5f1e2a35e5fe2a4dc9e4e632d73eb56d10bbeced52e7044f8700400b0e8695fbfe5db7ad1bece0d

  • SSDEEP

    196608:wEY36YuKOshoKMuIkhVastRL5Di3unSEi1D7K:ZY3vOshouIkPftRL54XNRK

Malware Config

Targets

    • Target

      akame (1).exe


    • Command and Scripting Interpreter: PowerShell

      Runs commands through powershell.exe.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
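The hashes and the behaviours flagged in this report can be re-checked locally before deeper analysis. The Python below is an added example, not code from the sandbox or from the sample; it verifies a file against the hashes listed in the General section, parses PE section headers (no third-party modules) for the UPX0/UPX1 names and the "UPX!" marker the packer leaves behind, and scans process-creation and DNS log lines for the PowerShell, tasklist and IP-lookup behaviours. The PE bytes and log lines are constructed for the example, and the IP-lookup hosts (api.ipify.org, ipinfo.io) are assumed examples of such services; the report does not name which service the sample contacted.

```python
import hashlib
import re
import struct

# Hashes exactly as reported on this page for "akame (1).exe".
REPORTED_HASHES = {
    "md5": "e91b9515d27171ceddae5d1568469692",
    "sha1": "397e41ce8829129686f0398c32903cc624ce9d4d",
    "sha256": "336116651d657263fbeca5e3f2fe2116a93e1b83bf37cd5b230bfa999195a929",
    "sha512": "ba8d5cb2daa2ab170d815d8a207dd19102b4da2d94a36cf6b5f1e2a35e5fe2a4d"
              "c9e4e632d73eb56d10bbeced52e7044f8700400b0e8695fbfe5db7ad1bece0d",
}

def verify_hashes(data, reported=REPORTED_HASHES):
    """Return {algo: bool} so a local copy can be tied to this report before analysis."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in reported.items()}

def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    return [data[table + i * 40: table + i * 40 + 8].rstrip(b"\0")
            for i in range(num_sections)]

def looks_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1 and stamps 'UPX!' in the header;
    a modified UPX may rename sections, so either indicator counts."""
    return any(n.startswith(b"UPX") for n in pe_section_names(data)) or b"UPX!" in data

# Hypothetical behaviour rules mirroring the report's signature names (assumption).
IP_LOOKUP_HOSTS = ("api.ipify.org", "ipinfo.io")  # assumed examples of IP-lookup services
BEHAVIOUR_RULES = {
    "Command and Scripting Interpreter: PowerShell": re.compile(r"\bpowershell\.exe\b", re.I),
    "Enumerates processes with tasklist": re.compile(r"\btasklist(\.exe)?\b", re.I),
    "Looks up external IP address via web service":
        re.compile("|".join(re.escape(h) for h in IP_LOOKUP_HOSTS), re.I),
}

def match_behaviours(log_lines):
    """Return the set of signature names triggered by the given log lines."""
    return {name for line in log_lines
            for name, rx in BEHAVIOUR_RULES.items() if rx.search(line)}

# Constructed input: a minimal PE skeleton and a few process/DNS events, not data from the report.
def build_fake_pe(section_names, opt_size=224):
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * opt_size + sections

SAMPLE_LOG = [
    r'Image: C:\Users\user\Desktop\akame (1).exe | CommandLine: "C:\Users\user\Desktop\akame (1).exe"',
    r'Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | CommandLine: powershell.exe -NoProfile -Command "..."',
    r'Image: C:\Windows\System32\tasklist.exe | CommandLine: tasklist',
    r'DnsQuery: api.ipify.org',
]

if __name__ == "__main__":
    print("UPX section names present:", looks_upx_packed(build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])))
    print("Behaviours matched:", sorted(match_behaviours(SAMPLE_LOG)))
```

To use it on the real sample, read the file as bytes and call verify_hashes() before anything else; if any value is False you are not looking at the file this report describes. Absence of UPX section names is not proof the file is unpacked, since a modified UPX can rename them and other packers exist; treat the section-name check as a quick hint and fall back to entropy or a debugger when it is negative.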

MITRE ATT&CK Enterprise v15

Tasks