Resubmissions

  • 17-10-2024 08:13

    241017-j4prhasfqp 10

  • 17-10-2024 08:11

    241017-j3lcpayhkg 10

General

  • Target

    Bypass.py (wentsmokee).7z

  • Size

    8.1MB

  • Sample

    241017-j4prhasfqp

  • MD5

    a681dfe19ddab272f4acdbd955a1abc8

  • SHA1

    2d63d5120b4a0ac0cccb8deaee223a9dc3ef1b17

  • SHA256

    78455310b8415c4c9e5f980f2398a9a6397d7fbf382bd686a275559de359ee2b

  • SHA512

    9d3a532793fe0bd74f497f636f9a207dc767d0c35d35f576c53b7300f7f1f64bce8fc3b51fda6d91ad70d3b67c42c1d65a3864c260cfcfeadf7ec70bd220cadb

  • SSDEEP

    196608:vKaHz+E4kC624/wwnRGkXyBLnNWhfj7YHbpug5QYv8PKr:vKFErCrvwnYWgnNWh7apugSY0Cr

Malware Config

Targets

    • Target

      Bypass.py.exe

    • Size

      8.2MB

    • MD5

      98c468bff89968698cfc1620262ced8b

    • SHA1

      84b6907613f8b8cda3ebc3bce05059c5090d81b6

    • SHA256

      fc6877d9477a95f5614338f2d16c8ff3b063c5a3be50badf55469cac77c8e662

    • SHA512

      8357d846ea3cbe5c99403bc3a3974876cf4c29f2004cc719eb57fe856ab8cba6066b287599870bed8a57c06145449566047af1b39e2286041a6fb070897e0a72

    • SSDEEP

      196608:XWWBju9urErvI9pWjg/Qc+4o673pNrabebSE2yzWGPMYnN9s:vqurEUWjZZ4dDLIeWKzWGPTNC

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks