Resubmissions

07-10-2024 12:10

241007-pcjdasvbrn 10

07-10-2024 12:09

241007-pbznwsybkb 10

General

  • Target

    Xicors Gen(1).rar

  • Size

    14.5MB

  • Sample

    241007-pcjdasvbrn

  • MD5

    2620f203a75349b6924cf1e96a63f6a2

  • SHA1

    cef364175e57f23e10d6bfa79912a4eb0749dc79

  • SHA256

    3360f0ceb4fa0e36f3767a4aee69ecfe0098198b655a0993f9119698f45ab267

  • SHA512

    00e557ea0baa40b5497d23ca072d69575a5faa872ecf3497d35e07b9e89a96c5fba923e97588e4d61381a02203aef88c5b9ed53a584e617f9f6433f1262ed821

  • SSDEEP

    393216:gJJ7UvRJQak2oJd5grZjvKvUjW3BRqymxtH:F1oLCrZ6UjW3+y2tH

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks