Overview

overview

10

Static

static

10

nltestrk.exe

windows7-x64

7

nltestrk.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    nltestrk.exe

  • Size

    7.5MB

  • Sample

    241018-j2pcysyflp

  • MD5

    32ae2ad546382dfcb8e7462e42d06893

  • SHA1

    106f32fc4e9bb7d690b55bc135d1cb0ac311207e

  • SHA256

    546184968c2e9d51bc297cba05bfcb74606f23fc8ba641ef0d01c2cfa9a1f235

  • SHA512

    73091375706194c05be291af9524e5953d7daf04eb15dabaacca7246535400953421acd76ffe3f24661e3db5ecc73eecd19cfca4ba38035c85793871c610e489

  • SSDEEP

    196608:d/qQlL5WurErvI9pWjgN3ZdahF0pbH1AYiGrUniC+ICz0fSn89:pourEUWjqeWxkGrgSVw

Score
10/10
blankgrabberdiscoveryexecutionupx

Malware Config

Targets

    • Target

      nltestrk.exe

    • Size

      7.5MB

    • MD5

      32ae2ad546382dfcb8e7462e42d06893

    • SHA1

      106f32fc4e9bb7d690b55bc135d1cb0ac311207e

    • SHA256

      546184968c2e9d51bc297cba05bfcb74606f23fc8ba641ef0d01c2cfa9a1f235

    • SHA512

      73091375706194c05be291af9524e5953d7daf04eb15dabaacca7246535400953421acd76ffe3f24661e3db5ecc73eecd19cfca4ba38035c85793871c610e489

    • SSDEEP

      196608:d/qQlL5WurErvI9pWjgN3ZdahF0pbH1AYiGrUniC+ICz0fSn89:pourEUWjqeWxkGrgSVw

    Score
    8/10
    upxdiscoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks