General

  • Target

    ldr_Eaoa.exe

  • Size

    7.5MB

  • Sample

    240927-y4d3bszenh

  • MD5

    a0b8303d60e3dcba90b09b7dcfcc9ef6

  • SHA1

    97d3f57b477563ec3aadb46afbc8cecc7d7b139e

  • SHA256

    9d27cf99afc3b7fa68d74e6f1fb95ec24f369de527fcd4e810b5d454c7d5ac6b

  • SHA512

    f08926d6415f9716e0baedc6dc9852fd63f562a52ab8b5aa983be37c163cf6e134a0591a1bc02f95df1b24f4ed636dd0d0aa5dcc963d8c5e2a7c674353a9ea43

  • SSDEEP

    196608:SUgVVEh1wfI9jUC2gYBYv3vbW2+iITx1U6ne:OVVEsIH2gYBgDWJTnze

Targets

    • Target

      ldr_Eaoa.exe

    • Size

      7.5MB

    • MD5

      a0b8303d60e3dcba90b09b7dcfcc9ef6

    • SHA1

      97d3f57b477563ec3aadb46afbc8cecc7d7b139e

    • SHA256

      9d27cf99afc3b7fa68d74e6f1fb95ec24f369de527fcd4e810b5d454c7d5ac6b

    • SHA512

      f08926d6415f9716e0baedc6dc9852fd63f562a52ab8b5aa983be37c163cf6e134a0591a1bc02f95df1b24f4ed636dd0d0aa5dcc963d8c5e2a7c674353a9ea43

    • SSDEEP

      196608:SUgVVEh1wfI9jUC2gYBYv3vbW2+iITx1U6ne:OVVEsIH2gYBgDWJTnze

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15