Overview

overview

10

Static

static

10

TD Service...mp.exe

windows7-x64

7

TD Service...mp.exe

windows10-2004-x64

8

�eߢ���.pyc

windows7-x64

�eߢ���.pyc

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TD Services.rar

  • Size

    7.3MB

  • Sample

    241005-sxrf7azhpf

  • MD5

    f896cde1f00e237e76925b10691c5cca

  • SHA1

    b308aac2822c25492d5c58ab58ba2b65a8dfa568

  • SHA256

    7bb40f2c8da1c11da3632804c53efe599e14c0740e84298b6bd2f16432266296

  • SHA512

    45ffb1053e8adae566638b512c5a4fb0399aaf8de96e9e3734b88966c9a871d5c6571fb195db3ad2fbd623aac43c16fa88ce89efcf2ccec9e506e0ecb1a0888d

  • SSDEEP

    196608:0I8ig9+zOWrC6GJ6tKyqHhQhWiogIK4b/U7EPnpQStY0Hhr:0zfQzjrCLOUWIgzgtpDYsN

Score
10/10
blankgrabberdiscoveryexecutionupx

Malware Config

Targets

    • Target

      TD Services/TD Temp.exe

    • Size

      7.4MB

    • MD5

      bf8add560c79745d7ee0b45515549c24

    • SHA1

      18beeafcc1de02254599ee6337403687495fd6b8

    • SHA256

      75040c2970554d4538984df2517e722cf6fcd6ce02cbd694a2ec59fb08fba623

    • SHA512

      44a745eb9142e966831deabd83cbb93c7f80d78d90018153ba35fe09819f7f69af1aa1ebfaca664c802bd7bcf7cc2e3ea317000878cc71c6a56ca3d0728b0616

    • SSDEEP

      98304:gDSi8x9XQsHurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EJKhOC1126:g2P9VHurErvI9pWjgfPvzm6gsFEg4At

    Score
    8/10
    upxdiscoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      �eߢ���.pyc

    • Size

      1KB

    • MD5

      b18e5eb28f0e45e5775bd2949f16a536

    • SHA1

      e41ab0fefa42977aa8a9c5895531105a6475b74c

    • SHA256

      9b91cc46238fbfc611418a680d1a3592e5e529ad6a4194467466dc69fceb0e65

    • SHA512

      192c701da2a49a9856bacce5fe0b666cf07db9bf09de870d4592d833d80528d1632ab65e9749c256213806c69b814c518d9e9dc41c883c8f1408ca4d9a50595a

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks