Overview

overview

10

Static

static

10

ClientManager.exe

windows7-x64

7

ClientManager.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ClientManager.exe

  • Size

    8.3MB

  • Sample

    240929-krhyvszbqe

  • MD5

    bce67bdf63565f8bbb30c38a6d9b4fed

  • SHA1

    c8e2168fd2e98e73101ad241c29ca00275d8a8ed

  • SHA256

    da4c3f0ca923ed1b61e543ad7614b4209b4dd3b9a4ff22040692ff3ced495971

  • SHA512

    6e48117514e6fa71f7e5990895c51ddfdd4f49f8eb7182e2c4874401c276a1f7f24f1f1c1ad83876e59dfa26d4f10cffda200c72194e2e0dba0e5a6dc5b98f3d

  • SSDEEP

    196608:7TggVE3zwfI9jUC2gYBYv3vbWEQd+iITx1U6ns:wgVE3AIH2gYBgDWRMTnzs

Score
10/10
blankgrabberdiscoveryexecutionupx

Malware Config

Targets

    • Target

      ClientManager.exe

    • Size

      8.3MB

    • MD5

      bce67bdf63565f8bbb30c38a6d9b4fed

    • SHA1

      c8e2168fd2e98e73101ad241c29ca00275d8a8ed

    • SHA256

      da4c3f0ca923ed1b61e543ad7614b4209b4dd3b9a4ff22040692ff3ced495971

    • SHA512

      6e48117514e6fa71f7e5990895c51ddfdd4f49f8eb7182e2c4874401c276a1f7f24f1f1c1ad83876e59dfa26d4f10cffda200c72194e2e0dba0e5a6dc5b98f3d

    • SSDEEP

      196608:7TggVE3zwfI9jUC2gYBYv3vbWEQd+iITx1U6ns:wgVE3AIH2gYBgDWRMTnzs

    Score
    8/10
    upxdiscoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks