General
-
Target
reapware.exe
-
Size
7.4MB
-
Sample
241014-alc6batdna
-
MD5
3f88af2ff6c929380294ea6b406de9aa
-
SHA1
f95a0fa62b803094ce969b37364e3aa1d8079c52
-
SHA256
7a8ba863b86526b5aa7eb5efea18415162aef77a8cb1f2c328bf42edd3853b39
-
SHA512
68ce9bc911bc0f0d3fd6821bbd6b20afcfc71e0469d10e668c754900be16ed7b52af50813663d0b1c9a82f83848cc26e34afa82b3f6c3e2ac2c38e57657face9
-
SSDEEP
98304:vvSi8x9XQs0UurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EJKhOC11L:vaP9V0UurErvI9pWjgfPvzm6gsFEg4At
Malware Config
Targets
-
-
Target
reapware.exe
-
Size
7.4MB
-
MD5
3f88af2ff6c929380294ea6b406de9aa
-
SHA1
f95a0fa62b803094ce969b37364e3aa1d8079c52
-
SHA256
7a8ba863b86526b5aa7eb5efea18415162aef77a8cb1f2c328bf42edd3853b39
-
SHA512
68ce9bc911bc0f0d3fd6821bbd6b20afcfc71e0469d10e668c754900be16ed7b52af50813663d0b1c9a82f83848cc26e34afa82b3f6c3e2ac2c38e57657face9
-
SSDEEP
98304:vvSi8x9XQs0UurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EJKhOC11L:vaP9V0UurErvI9pWjgfPvzm6gsFEg4At
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-