General

  • Target

    fpsboost (2).rar

  • Size

    7.4MB

  • Sample

    240927-veaf3avbra

  • MD5

    626793a2cdb285162232e34659c2ae5d

  • SHA1

    84c5e0233277949af1f2c34eba6718bcc1f3eb9f

  • SHA256

    1c6348aa17516ebe447ffa26013f35242a6e2f8479d6c247bfbbc8d542fb75da

  • SHA512

    60896e74cdef50aef38d249636ddabbe77fc1893963ee40356ddbf49deb88767bffe8e6bf14fdd5820036aea5e14dbe08e14b9760d4a2242104ccbe671fa7388

  • SSDEEP

    196608:L7zHdB0CpnZ38grYytMTiIAZUF7nTnXKloFb:DQMnZMsYKMew36mb

Malware Config

Targets

    • Target

      fpsboost (2).rar

    • Size

      7.4MB

    • MD5

      626793a2cdb285162232e34659c2ae5d

    • SHA1

      84c5e0233277949af1f2c34eba6718bcc1f3eb9f

    • SHA256

      1c6348aa17516ebe447ffa26013f35242a6e2f8479d6c247bfbbc8d542fb75da

    • SHA512

      60896e74cdef50aef38d249636ddabbe77fc1893963ee40356ddbf49deb88767bffe8e6bf14fdd5820036aea5e14dbe08e14b9760d4a2242104ccbe671fa7388

    • SSDEEP

      196608:L7zHdB0CpnZ38grYytMTiIAZUF7nTnXKloFb:DQMnZMsYKMew36mb

    Score
    3/10

    • Target

      boost.exe

    • Size

      7.5MB

    • MD5

      bee5ee8fa4024751c2f10410b38a2099

    • SHA1

      87f4594273dcd8fae82df4b5c3a6f931dcd33bc2

    • SHA256

      3a8f848441b699574acc5c968290f6ab925901edadeb28542d6d4b893f0d8a1e

    • SHA512

      c789ddf4b83d5be250cce251a7b31a120573a192df50bf95dcc0ee17fc6c6129ac3fb28d25f6ea9788c0367c264967f5f34a130c7c1b0508e470d0058ea9fd41

    • SSDEEP

      196608:/VgVVEmwfI9jUC2gYBYv3vbW2+iITx1U6n3:OVVENIH2gYBgDWJTnz3

    • Command and Scripting Interpreter: PowerShell

      Executes commands through powershell.exe.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Target

      ��³|.pyc

    • Size

      1KB

    • MD5

      cb9d8d1adc6c8eff45c261678df3f643

    • SHA1

      58c2038d557951820120f36598366b866789957e

    • SHA256

      cf0741181e7b0909b231b4e08a0641daac315bdcf90a5909c0ca6465be03ff3f

    • SHA512

      76fd765b0336d9e4d08019a08100b62e5fa9525419b91e94aa9286ac7377ed14a6c6e6995e288733d4e67c6a14f43cf94d491e1020f9354c3aa5a90695799f9a

    Score
    1/10
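
The report lists MD5/SHA1/SHA256/SHA512 for each target and flags boost.exe as UPX packed. The following added example (not code from the report or from the sandbox vendor) shows how a responder would recompute those digests to confirm a file on disk is the same artifact, and a minimal PE section-table walk that approximates the "UPX packed file" signature by looking for UPX0/UPX1 section names or the "UPX!" marker. The PE built by build_toy_pe is constructed for the demo and is not one of the report's samples; the heuristic is a simplification, not the sandbox's actual rule. SSDEEP is omitted because it needs the external ssdeep library.

```python
import hashlib
import struct

# SHA256 values copied from the Targets section of the report above.
REPORT_SHA256 = {
    "1c6348aa17516ebe447ffa26013f35242a6e2f8479d6c247bfbbc8d542fb75da": "fpsboost (2).rar",
    "3a8f848441b699574acc5c968290f6ab925901edadeb28542d6d4b893f0d8a1e": "boost.exe",
    "cf0741181e7b0909b231b4e08a0641daac315bdcf90a5909c0ca6465be03ff3f": "dropped .pyc",
}


def file_hashes(data: bytes) -> dict:
    """Compute the digest set the report lists (except SSDEEP)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def match_report(data: bytes):
    """Return the report's target name if the SHA256 matches a listed artifact, else None."""
    return REPORT_SHA256.get(file_hashes(data)["sha256"])


def pe_section_names(data: bytes) -> list:
    """Walk MZ -> e_lfanew -> PE signature -> COFF header -> section table and return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]   # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]      # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                                 # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                                         # each section header is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Simplified stand-in for the 'UPX packed file' signature (assumption: UPX* sections or 'UPX!' marker)."""
    return any(n.startswith("UPX") for n in pe_section_names(data)) or b"UPX!" in data


def build_toy_pe(section_names) -> bytes:
    """Constructed minimal PE (no optional header, empty sections) used only to exercise the parser."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                            # e_lfanew -> PE header right after DOS stub
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(name.encode().ljust(8, b"\0") + bytes(32) for name in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    packed = build_toy_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
    print("hashes:", file_hashes(packed))
    print("matches report target:", match_report(packed))
```

To use it on a real sample, read the file in binary mode and pass the bytes to match_report and looks_upx_packed; a SHA256 match is the only one of these checks that proves identity with the report's artifact, the UPX check only tells you the file is worth unpacking before static analysis.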

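The behaviours flagged for boost.exe (PowerShell execution, process enumeration with tasklist, and an external IP lookup via a web service) are individually common on clean hosts; what makes them worth an alert is that they come from one process tree. The following added example (not part of the report) correlates constructed, Sysmon-shaped process-creation and network events back to the root process of each tree and only alerts when several of the report's behaviours are seen under the same root. The event records and the list of IP lookup hosts are assumptions for the demo; the report does not name the lookup service it observed.

```python
import re

# Constructed process-creation events in a Sysmon-like shape (not from the report's own task log).
SAMPLE_EVENTS = [
    {"pid": 4120, "ppid": 3988, "image": r"C:\Users\victim\Desktop\boost.exe",
     "parent_image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "cmdline": r'"C:\Users\victim\Desktop\boost.exe"'},
    {"pid": 4188, "ppid": 4120, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Users\victim\Desktop\boost.exe",
     "cmdline": 'powershell.exe -NoProfile -WindowStyle Hidden -Command "Get-CimInstance Win32_ComputerSystem"'},
    {"pid": 4204, "ppid": 4120, "image": r"C:\Windows\System32\tasklist.exe",
     "parent_image": r"C:\Users\victim\Desktop\boost.exe",
     "cmdline": "tasklist /v /fo csv"},
    {"pid": 1200, "ppid": 800, "image": r"C:\Windows\explorer.exe",
     "parent_image": r"C:\Windows\System32\userinit.exe",
     "cmdline": "explorer.exe"},
]

# Constructed outbound connections as (pid, destination host).
SAMPLE_CONNECTIONS = [
    (4120, "api.ipify.org"),
    (1200, "www.bing.com"),
]

# Public external-IP lookup services; an assumption, the report does not say which one was contacted.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com", "ipinfo.io"}

# Locations a non-admin user can write to; PowerShell launched from here is more suspicious than from Program Files.
USER_WRITABLE = re.compile(r"^[a-z]:\\(users|programdata|windows\\temp)\\", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def rules_for_event(ev: dict) -> list:
    """Map one process-creation event to the report behaviours it matches."""
    hits = []
    image = basename(ev["image"])
    if image == "powershell.exe" and USER_WRITABLE.match(ev["parent_image"]):
        hits.append("powershell_spawned_by_user_binary")
    if image == "tasklist.exe":
        hits.append("process_enumeration_tasklist")
    return hits


def rules_for_connection(host: str) -> list:
    return ["external_ip_lookup"] if host.lower() in IP_LOOKUP_HOSTS else []


def root_pid(pid: int, parents: dict) -> int:
    """Walk ppid links up to the topmost process we have an event for (cycle-safe)."""
    seen = set()
    while parents.get(pid) in parents and pid not in seen:
        seen.add(pid)
        pid = parents[pid]
    return pid


def correlate(events: list, connections: list) -> dict:
    """Group matched behaviours by the root pid of the process tree that produced them."""
    parents = {ev["pid"]: ev["ppid"] for ev in events}
    by_root = {}
    for ev in events:
        for rule in rules_for_event(ev):
            by_root.setdefault(root_pid(ev["pid"], parents), set()).add(rule)
    for pid, host in connections:
        for rule in rules_for_connection(host):
            by_root.setdefault(root_pid(pid, parents), set()).add(rule)
    return {pid: sorted(rules) for pid, rules in by_root.items()}


def alerts(events: list, connections: list, threshold: int = 2) -> dict:
    """Alert only on trees that show at least `threshold` distinct behaviours."""
    return {pid: rules for pid, rules in correlate(events, connections).items()
            if len(rules) >= threshold}


if __name__ == "__main__":
    for pid, rules in alerts(SAMPLE_EVENTS, SAMPLE_CONNECTIONS).items():
        print(f"ALERT root pid {pid}: {', '.join(rules)}")
```

The threshold is the tuning knob: a lone tasklist.exe from a helpdesk script should not page anyone, but PowerShell, tasklist and an IP lookup all descending from an executable in a user's Desktop folder is the pattern this report describes.
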
MITRE ATT&CK Enterprise v15

Tasks