General
-
Target
cyder perm.exe
-
Size
7.5MB
-
Sample
241020-13gsyavdkj
-
MD5
da73cfdd266d2d0c39f0db9cd7c45578
-
SHA1
d8d3cc3a4e93b9099c855ae7e92d1dc2bf56d925
-
SHA256
0e34979b0e6ad3b2bd32d91768175a05f2a39782b1dd40b3f3a6deb920498b08
-
SHA512
714abd45725d7ee637362b29a186686caf5a5d05ec644a9d86fab1129865d5155b59c3d93a16587a44adaa046ce8026bb65cd7b0e6447524915e428ef3cd580f
-
SSDEEP
98304:uWSi8TRMXRUiurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EwKhOh11c:uxsBUiurErvI9pWjgfPvzm6gsFEF4f6
Malware Config
Targets
-
-
Target
cyder perm.exe
-
Size
7.5MB
-
MD5
da73cfdd266d2d0c39f0db9cd7c45578
-
SHA1
d8d3cc3a4e93b9099c855ae7e92d1dc2bf56d925
-
SHA256
0e34979b0e6ad3b2bd32d91768175a05f2a39782b1dd40b3f3a6deb920498b08
-
SHA512
714abd45725d7ee637362b29a186686caf5a5d05ec644a9d86fab1129865d5155b59c3d93a16587a44adaa046ce8026bb65cd7b0e6447524915e428ef3cd580f
-
SSDEEP
98304:uWSi8TRMXRUiurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EwKhOh11c:uxsBUiurErvI9pWjgfPvzm6gsFEF4f6
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-