blankgrabber | 5d887dd72893e3bd40b291a1dc3ea2bc94f6d0daf4de318bd1005b57fbe114ca

General

Target

SolaraV3.exe
Size

6.0MB
Sample

241004-ql2rnswdpm
MD5

7dd77a8611b56c1ed090293e3ab40f08
SHA1

1cb4be6453ab5dbeebd8339e0ec4264d6efa611c
SHA256

5d887dd72893e3bd40b291a1dc3ea2bc94f6d0daf4de318bd1005b57fbe114ca
SHA512

755ebb1e999ede433f4734552ca91677d33f9309993891435201ed04a539c1537bf80d4c6b45475a8b461ca235a92b27de0f07cfdeb84aaaa467407929523b2e
SSDEEP

196608:PrumWebTeOjmFwDRxtYSHdK34kdai7bN3m2EQca:KUK2pM9B3Q9w

Score

10^/10

Malware Config

Targets

- Target
  
  SolaraV3.exe
- Size
  
  6.0MB
- MD5
  
  7dd77a8611b56c1ed090293e3ab40f08
- SHA1
  
  1cb4be6453ab5dbeebd8339e0ec4264d6efa611c
- SHA256
  
  5d887dd72893e3bd40b291a1dc3ea2bc94f6d0daf4de318bd1005b57fbe114ca
- SHA512
  
  755ebb1e999ede433f4734552ca91677d33f9309993891435201ed04a539c1537bf80d4c6b45475a8b461ca235a92b27de0f07cfdeb84aaaa467407929523b2e
- SSDEEP
  
  196608:PrumWebTeOjmFwDRxtYSHdK34kdai7bN3m2EQca:KUK2pM9B3Q9w
Score

10^/10

discovery evasion execution upx
- Deletes Windows Defender Definitions
  Uses mpcmdrun utility to delete all AV definitions.
  evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

3

T1059

PowerShell

2

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1

T1562

Credential Access

Discovery

Process Discovery

1

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Deletes Windows Defender Definitions

Command and Scripting Interpreter: PowerShell

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

Looks up external IP address via web service

Enumerates processes with tasklist

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4