General
-
Target
Setup.exe
-
Size
6.9MB
-
Sample
240930-sq6brssckp
-
MD5
79449b07369b46285e48375f771c996a
-
SHA1
21dbca3df86327b33176a7819132c12e11895700
-
SHA256
8c955a37a31e8ce5e6948ff860205ab894cef6e4ec834c426fb7c8c5e87946f8
-
SHA512
0588aa0fd61767a871ca9bc087ffc81aa51a00d6237b9475d0fb250f41cf7d33913e22ab775089af68580c4af2aea3b388efa9fa99e41bdda3228c9f06f9b62e
-
SSDEEP
98304:4BDjWM8JEE1r6GAamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYKJJcGhEIJ:4B0HBeNTfm/pf+xk4dWRptrbWOjgrA
Malware Config
Targets
-
-
Target
Setup.exe
-
Size
6.9MB
-
MD5
79449b07369b46285e48375f771c996a
-
SHA1
21dbca3df86327b33176a7819132c12e11895700
-
SHA256
8c955a37a31e8ce5e6948ff860205ab894cef6e4ec834c426fb7c8c5e87946f8
-
SHA512
0588aa0fd61767a871ca9bc087ffc81aa51a00d6237b9475d0fb250f41cf7d33913e22ab775089af68580c4af2aea3b388efa9fa99e41bdda3228c9f06f9b62e
-
SSDEEP
98304:4BDjWM8JEE1r6GAamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYKJJcGhEIJ:4B0HBeNTfm/pf+xk4dWRptrbWOjgrA
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-