General
-
Target
Beamer.exe
-
Size
9.0MB
-
Sample
241001-hpl7dszfrh
-
MD5
44a6f0ae96d472db452aabf234efc36c
-
SHA1
cb1d88784e806d5843a8c36b2129d008ec7fbe8a
-
SHA256
c428a2bc35747a28c68733c20722ee0bb92225d8e3e9133e45632ffd16354329
-
SHA512
e3f85d389c0a4e9dbe0ea7f093ef553e688ac10fa2d603bb07e6733c45efb4c5b7aec18f1302d1c87ab6033ef5fe4d936fd8faa9403ae101b81f6f4f97f5f517
-
SSDEEP
196608:SGFbGzeN/FJMIDJf0gsAGK5SEQRluAKca6Cg:so/Fqyf0gsfNMAKU
Malware Config
Targets
-
-
Target
Beamer.exe
-
Size
9.0MB
-
MD5
44a6f0ae96d472db452aabf234efc36c
-
SHA1
cb1d88784e806d5843a8c36b2129d008ec7fbe8a
-
SHA256
c428a2bc35747a28c68733c20722ee0bb92225d8e3e9133e45632ffd16354329
-
SHA512
e3f85d389c0a4e9dbe0ea7f093ef553e688ac10fa2d603bb07e6733c45efb4c5b7aec18f1302d1c87ab6033ef5fe4d936fd8faa9403ae101b81f6f4f97f5f517
-
SSDEEP
196608:SGFbGzeN/FJMIDJf0gsAGK5SEQRluAKca6Cg:so/Fqyf0gsfNMAKU
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-