8107bd54d0e16c675274e28d56e9672f5d0b03741b626e9cd836c8304ead7c36

General

Target

PowderLauncher.exe
Size

421KB
Sample

241003-rx617szgjq
MD5

ea774962ca4d02a3fc3a853d18abefd9
SHA1

1160ef2dbf1a83ac8151e02d558611d18e798638
SHA256

8107bd54d0e16c675274e28d56e9672f5d0b03741b626e9cd836c8304ead7c36
SHA512

a2433f876f357d2a15957bac6cbb3f2e4d867e4d4d076bdd224677d67ac1d2597927788f34db6efd87605b2cfb8ac690d8ec16ece154412ffd7ce7b75e11cd7e
SSDEEP

6144:bmGIhx4I13Y2t0EyL+upREyrZzalOSjlbshojjjM4739E0Ld57X2znBtHMGvGd:yt4IFIRKcTZzalXQSDMw9dAS

Score

7^/10

Malware Config

Targets

- Target
  
  PowderLauncher.exe
- Size
  
  421KB
- MD5
  
  ea774962ca4d02a3fc3a853d18abefd9
- SHA1
  
  1160ef2dbf1a83ac8151e02d558611d18e798638
- SHA256
  
  8107bd54d0e16c675274e28d56e9672f5d0b03741b626e9cd836c8304ead7c36
- SHA512
  
  a2433f876f357d2a15957bac6cbb3f2e4d867e4d4d076bdd224677d67ac1d2597927788f34db6efd87605b2cfb8ac690d8ec16ece154412ffd7ce7b75e11cd7e
- SSDEEP
  
  6144:bmGIhx4I13Y2t0EyL+upREyrZzalOSjlbshojjjM4739E0Ld57X2znBtHMGvGd:yt4IFIRKcTZzalXQSDMw9dAS
Score

7^/10

discovery persistence pyinstaller
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral2
- Target
  
  Newtonsoft.Json.dll
- Size
  
  685KB
- MD5
  
  081d9558bbb7adce142da153b2d5577a
- SHA1
  
  7d0ad03fbda1c24f883116b940717e596073ae96
- SHA256
  
  b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3
- SHA512
  
  2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511
- SSDEEP
  
  12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
Score

1^/10
behavioral3
- Target
  
  PostInstaller.exe
- Size
  
  23KB
- MD5
  
  41ba083ed39e906bef870255419edd28
- SHA1
  
  4ac8cbebdc4f0ada8018497c0acb35a22062a836
- SHA256
  
  52243ff195b844ecab87fce461947c779fe2cb8fac21282a05d1f2abfd4ede86
- SHA512
  
  2538a95882bb2b8ad8180a5fe569330d04079422067e4ad1d1fe985c36c5704821199c6625a56a5f032f31a22c8e4d9beaf72422aaa59e05fea9ecf6c33f465b
- SSDEEP
  
  384:CLDaVl9ec3YEyOWNcccXNMtG5/uo6ki2KP9gizC3inAM+o/8E9VF0NylCgK:CL+f9e2YEKxUdgr2KRzCynAMxkE6
Score

1^/10
behavioral4
- Target
  
  PowderBootstrap.exe
- Size
  
  26KB
- MD5
  
  874284cb887ce96f1fe6bd903a17cfcb
- SHA1
  
  615056be9f980fdc7167b74d8b1f5dbaf0c1f99d
- SHA256
  
  40b4a8932314a19f7ba201ae4613428b4f4e1bcda43a177158d956fd5d2f58bb
- SHA512
  
  53e9e2a38a3a4d4fcb2222279ec6379c61e792a6167094c70a94fe8be3dab34823b40d456cdacce5180f9598a47e0edd5d30760a878cc791f3e14e2c749770a1
- SSDEEP
  
  384:r4NgykacoZE8KaScRxKV6yxFHV0bSNkvwKwq6u8iJp/uo6ki2KP9gizOGwAM+o/M:8NgbuEaShv1YjQr2KRz0AMxkE4
Score

5^/10

discovery pyinstaller
- Enumerates processes with tasklist
  discovery
behavioral5