General

  • Target: Neverlose.rar
  • Size: 5.7MB
  • Sample: 240928-x91mvasgln
  • MD5: be45d759c00cbb9c2f398aa83b64d2c3
  • SHA1: 86c2884e3e3a3f8aac33b3930495c3cf7799dd08
  • SHA256: 0dde24970994a708a737b05127a7881c7d9a49eb23a9a1697fa9be7329a9c993
  • SHA512: 88390a65f5d7fdce71fbb96af015624b51c1eef8914d5e08ca3073d19f4868ad61b167775010412132ab6179811ae688e8c56f4b83fda6fc48872104e10adbec
  • SSDEEP: 98304:qYMWzBCFCWBQH1BVbZoC/1O5J/gQkDbLVilWCHX4TZLgDOiZMWR2x5xT9oFW:q3W1jHXQI1O5h1WLElWCoTZliuWIV6W

Targets

    • Target: Neverlose.exe
    • Size: 5.9MB
    • MD5: 07aa0ef64cdaea07aa2114bd0c9e3548
    • SHA1: a4ae0005d3bd954c9f8a5db7e79d43ecc4b049c1
    • SHA256: 8ea71b405dab1fafd460195d39d652b56306313cd465aa17492f00afd7696f59
    • SHA512: d791fb54d5ac98b7c498ac2b0c18493ba24c6b2890bb587c518d5df0df423da62f4f89f28cd4bfb8a65bd46ffd2b25cdcc97880d6b8b63e497226fd2b7373a7d
    • SSDEEP: 98304:8g+WCHTTZi65sn6Wfz7pnxCjJaWlpx1dstaNoSwKHf1c3z5MOueAeFq9hCkrM0nS:8zr/7DOYjJlpZstQoS9Hf12VKX5bCChy

    • Command and Scripting Interpreter: PowerShell
      Uses the powershell.exe command.
    • Loads dropped DLL
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Enumerates processes with tasklist
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: #�L��Ş.pyc
    • Size: 857B
    • MD5: cc2117fbc7a4e03721cd783f097dd724
    • SHA1: ac2dbd300cd90e4cb4dd4680daf3c98f15ebe5c7
    • SHA256: 9b9e3f6c98c227d7c0684febaf70e69b66af946b0a65597d98505cae8000203f
    • SHA512: feb9e624139ae778758935b063b13d32d04d8025c751bf77edd375b841dfe9101c6df4aaf1a76fe4886f6d73b268b1bf882bbd7f9fe8bdbef64efad2c8777fea

    Score: 1/10

MITRE ATT&CK Enterprise v15