General

  • Target

    nigger.butthole.exe

  • Size

    8.3MB

  • Sample

    241005-2amn6avbqr

  • MD5

    3839bb7ebd6428c23ff0d239b22007d7

  • SHA1

    369066b12606c01254f28d71a9df42395200438a

  • SHA256

    9461682208bd1106a2271c8c6dc406b541c27d617b33cdf4169486cf3028db5e

  • SHA512

    19d544715af49c72ad31e5a8e9c3e641d6b34dc44e2bad3814480506591b5e4cf165db783bfc5f4c8831013f0faf918293421eb2688c62a26deae0dd0ec7981c

  • SSDEEP

    196608:ywuyqZHwfI9jUC2XMvH8zPjweaBpZ0cISEu2ooccXK7oS0:uKIH2XgHq+jq283Yop

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.
