General

  • Target

    titancord.rar

  • Size

    7.4MB

  • Sample

    241005-244jrszfrc

  • MD5

    7ea41d7ccad421a2620b59b67a86aa4e

  • SHA1

    510f6dc614773949daa7f1a8719b110c968495b6

  • SHA256

    cb918104368d23c5df12005d5b117b97ea3aa8720c466d7b85a8bbc2e964f543

  • SHA512

    6abc4d21cc7f7ea50f33fbf89e574492a00329f8d04160917c74c598baa784745f6fa6fcd1c843e65b3f9665af56e1767957f738465151033406db420f74a90a

  • SSDEEP

    196608:yvcOpV3KdipA0Pdg8AnJz0rKtNqEJBA7LqnGsBeFA:Gcs3bPdgbneMXJBA7oJ

Malware Config

Targets

    • Target

      titain cord.exe

    • Size

      78.0MB

    • MD5

      f540be89c9a860efb26e48a1bcd8475c

    • SHA1

      2490961292e21a22c8f00f7f62802b27a9840387

    • SHA256

      6fb84ed1caf2f687f0cf2c3d1440d1e99f94ce06aebe3e448faf1329489b7259

    • SHA512

      712c0ebd222dd136533f43e2de7ce87b2b2d695a2bffdbe2f2430529f9d22cd232788c6bd9a861976b2549f1a626ea94c8e5ad0fb623a7347dd743022c187abb

    • SSDEEP

      196608:hagVVEqwfI9jUC2gYBYv3vbW2+iITx1U6nW:pVVE5IH2gYBgDWJTnzW

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
