General

  • Target

    opera.exe

  • Size

    6.9MB

  • Sample

    241014-yac8yawelr

  • MD5

    50d45237c36a226cd10bd2bdc685c049

  • SHA1

    ea0edf24cefd88a0be2ceaf92e1bf44fab817f64

  • SHA256

    45ffc60dd4b24fa905cbfc6a1cc6122ed2d057be75fa8cfee2d3df72ad03c812

  • SHA512

    4222b2a602d716f20e735b49078a4b34639ea1c6ed7ee76a30227fd46a047225d4dde75e359998cbdaf389a435da458ee1f903a9c779c3d4420798c98f899d58

  • SSDEEP

    98304:eNDjWM8JEE1rkZ9VamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYKJJcGhE4:eN0veNTfm/pf+xk4dWRptrbWOjgrK

Malware Config

Targets

    • Target

      opera.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      �E����.pyc

    • Size

      1KB

    • MD5

      edbbcac2220be08ee90d4f933f71be88

    • SHA1

      fb6f6b12bac90768c8f644f68e99850ec53b8575

    • SHA256

      d4c65391a7b6ec3b197ec4343a9744270d80b2e2910a1d946e445ab07d013e3c

    • SHA512

      248ee79efa4d8c9eceadd7dc981648a11afaa73578985a83b76cc1dde925eaf3bcd566c0b1911a4be0461931dbc433fbeb66e23f71486a9caf352fe90f65c691

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks