General

  • Target

    PIXITCH.EXE1 PAID.exe

  • Size

    10.0MB

  • Sample

    241004-ypfbvaxgpe

  • MD5

    b747659444753d6e13760c1570b463a5

  • SHA1

    7b22b21fb17174871a35aae82f60415da2be1ae8

  • SHA256

    11e9a38f9de76466dd77fb93054b5ff33e25893e4fd1ccfdf6d36386b1dcc1f4

  • SHA512

    ce3552de9916c23246c524a0e02a09d132d5b7d0d7fb263c280817d46a4491f4ca0a6e1e36e0a71ec83eec4e12e57965a8126f358fb3385cbc8d58bae1270116

  • SSDEEP

    196608:L7FboeN/FJMIDJf0gsAGK5SEQRWuAKZybt:N/Fqyf0gsfNRAKk

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks