Overview

overview

10

Static

static

10

EZFNLauncher.exe

windows7-x64

7

EZFNLauncher.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EZFNLauncher.exe

  • Size

    6.0MB

  • Sample

    241004-vbhy2azanf

  • MD5

    cd48b5be93cdbce97532e6901a9f2ab0

  • SHA1

    4c04d9357f2ffb49e85b0b561d7701b38246880e

  • SHA256

    e7cfe19e2f7b88620b0fde61891065ace2b4a2c200aea8e1ad82c4abd171fe98

  • SHA512

    6dd9a38f998d3d8d8eff3c3b8a0b59f08a244a9279d7ea293d176e58f50a16e853147b2495e20702256a894603c9a3e9e916a1d51455616a900e2360c5025cd6

  • SSDEEP

    98304:qAEtdFByEamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RyBMTv3OssLSu:qnFMleN/FJMIDJf0gsAGK4RyuTOWu

Score
10/10
blankgrabberdiscoveryexecutionupx

Malware Config

Targets

    • Target

      EZFNLauncher.exe

    • Size

      6.0MB

    • MD5

      cd48b5be93cdbce97532e6901a9f2ab0

    • SHA1

      4c04d9357f2ffb49e85b0b561d7701b38246880e

    • SHA256

      e7cfe19e2f7b88620b0fde61891065ace2b4a2c200aea8e1ad82c4abd171fe98

    • SHA512

      6dd9a38f998d3d8d8eff3c3b8a0b59f08a244a9279d7ea293d176e58f50a16e853147b2495e20702256a894603c9a3e9e916a1d51455616a900e2360c5025cd6

    • SSDEEP

      98304:qAEtdFByEamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RyBMTv3OssLSu:qnFMleN/FJMIDJf0gsAGK4RyuTOWu

    Score
    8/10
    upxdiscoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks