General

  • Target

    MailRanger.exe

  • Size

    41.0MB

  • Sample

    241003-s5ateashnm

  • MD5

    e6192d6331a9740564c3efe508918a61

  • SHA1

    a131355c7f27a82fe579709e499f2f9a828f109d

  • SHA256

    123953f1dfed722664fb5441e302c95cdd59464fb26d7854e941378663796e1b

  • SHA512

    198255925995a34fdf9a9c1af64bf5604cad37a54e17be3796c5de90e5e9ccd2d3b8d14611e2d57cdfba099ac24c2d9addc7030f5c591972aaa637bb7940a11a

  • SSDEEP

    98304:lcSi8x9XQsUeAurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EAKhOC1r:lLP9VpAurErvI9pWjgfPvzm6gsFE14Ar

Malware Config

Targets

    • Target

      MailRanger.exe

    • Command and Scripting Interpreter: PowerShell

      Runs commands via powershell.exe.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks