Overview

overview

10

Static

static

10

Gaia_4.0up...ed.exe

windows7-x64

7

Gaia_4.0up...ed.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Gaia_4.0_updated.rar

  • Size

    6.8MB

  • Sample

    241019-k2565szdnl

  • MD5

    fe99220ba022873d098264b9e7032a08

  • SHA1

    cc7c2a7d945a7b4c2fd4c66094d9498a9e6187db

  • SHA256

    a3c4d7a23ac00dd484d70316f999ed2c5a3e307ba5ee658617e7bdfad66e041b

  • SHA512

    0eaaf05709b665342d439065394dfdcf3897b0ce7c8646db7705fb6ac124eb04abfe3e01fa2848623288eb28b270a1748da8e3267be9b0a3aed8892c8b4788b3

  • SSDEEP

    196608:9So1ZnhqNe7Y7Z8e4H+noOLWroYOwlzmIf0rWHBK:9SOhq5lKULWroVGK

Score
10/10
blankgrabberdiscoveryexecutionupx

Malware Config

Targets

    • Target

      Gaia_4.0updated/Gaia_4.0updated.exe

    • Size

      6.9MB

    • MD5

      32fb61ef7672686bf3761fc691ebee12

    • SHA1

      8101f361e5992a9ea54a32c43bf805f4d0facd5c

    • SHA256

      a64dbb3b319482243d89f68420fc8a53e42f4f0cafc90de2ad1ae81da0133260

    • SHA512

      92931c4668e056015cb04b5243fcc9fa74810c800555160442e6a9925f213370232567872f43d9a4b3eba98a236b4203be11bfbdc762f57c1ca84eaaab92a297

    • SSDEEP

      98304:/wDjWM8JEE1rmaamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRaYKJJcGhEIFu:/w0WzeNTfm/pf+xk4dWRatrbWOjgKQ

    Score
    8/10
    upxdiscoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks