General

  • Target

    Loader.exe

  • Size

    18.0MB

  • Sample

    241010-19xsqszcpc

  • MD5

    7882abe8fc824c3a4f7b020d38b6b662

  • SHA1

    12356b0d798ef97fa97f226490ed959c8d11bb02

  • SHA256

    a5ab4944eda66f0a80cd5b1f4d35fc789c7afc38acf2e6449bf3104cf30dd2e1

  • SHA512

    6e9a31edc153840b3fd11a6a7c3e170834f6ec30fdbae7ca269a0e2f07b77e7023fa7bc718cb5cefc7fd18899d8d1b324f9d540347aedb2dcff67223e016908f

  • SSDEEP

    98304:apnEtdFBGJBamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RNOuAK5HSy5yB:kWFEJ8eN/FJMIDJf0gsAGK4RIuAK5X4B

Targets

    • Target

      Loader.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
