General
-
Target
920e6f84332a744cafb917f6e94356e1fd247bec36d85b06f8a7b80a942c5b96N
-
Size
6.8MB
-
Sample
241007-hkzlxs1gpq
-
MD5
6f451425173b4afd358fdb80a0e82d70
-
SHA1
f36b9aef8c1a8a60da9e418190353541445d823f
-
SHA256
920e6f84332a744cafb917f6e94356e1fd247bec36d85b06f8a7b80a942c5b96
-
SHA512
74841788dcec2962184d642bc2b733f61594e7bd09246545d43a8defad3a068d18bf9fc8029515be6a7f3c3896b2a1aa379b9206f265ae6c9b62412648f01537
-
SSDEEP
98304:8qkwN+MdA5wqM58MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoaZDJ1n6hBnLnzb:8qV18B6ylnlPzf+JiJCsmFMvNn6hVvb
Behavioral task
behavioral1
Sample
920e6f84332a744cafb917f6e94356e1fd247bec36d85b06f8a7b80a942c5b96N.exe
Resource
win7-20240903-en
Malware Config
Targets
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-