Resubmissions

14-10-2024 21:00

241014-ztb1nawelc 10

14-10-2024 20:16

241014-y15e4syark 10

General

  • Target

    opera.exe

  • Size

    6.9MB

  • Sample

    241014-ztb1nawelc

  • MD5

    50d45237c36a226cd10bd2bdc685c049

  • SHA1

    ea0edf24cefd88a0be2ceaf92e1bf44fab817f64

  • SHA256

    45ffc60dd4b24fa905cbfc6a1cc6122ed2d057be75fa8cfee2d3df72ad03c812

  • SHA512

    4222b2a602d716f20e735b49078a4b34639ea1c6ed7ee76a30227fd46a047225d4dde75e359998cbdaf389a435da458ee1f903a9c779c3d4420798c98f899d58

  • SSDEEP

    98304:eNDjWM8JEE1rkZ9VamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYKJJcGhE4:eN0veNTfm/pf+xk4dWRptrbWOjgrK

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks