General
Target: cyder perm.exe
Size: 7.5MB
Sample: 241020-155yjsveqm
MD5: da73cfdd266d2d0c39f0db9cd7c45578
SHA1: d8d3cc3a4e93b9099c855ae7e92d1dc2bf56d925
SHA256: 0e34979b0e6ad3b2bd32d91768175a05f2a39782b1dd40b3f3a6deb920498b08
SHA512: 714abd45725d7ee637362b29a186686caf5a5d05ec644a9d86fab1129865d5155b59c3d93a16587a44adaa046ce8026bb65cd7b0e6447524915e428ef3cd580f
SSDEEP: 98304:uWSi8TRMXRUiurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EwKhOh11c:uxsBUiurErvI9pWjgfPvzm6gsFEF4f6
Behavioral task: behavioral1
Sample: cyder perm.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: cyder perm.exe
Resource: win10v2004-20241007-en

Behavioral task: behavioral3
Sample: I�o�qw�.pyc
Resource: win7-20241010-en

Behavioral task: behavioral4
Sample: I�o�qw�.pyc
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: cyder perm.exe
- Modifies Windows Firewall
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist

Target: I�o�qw�.pyc
Size: 1KB
MD5: 5ff43d50c3999416d7bb5d6bb0068dd9
SHA1: 44bb264261b67aa9fc47ef048bec4522415803fb
SHA256: 1d253fe12d342815b2a4502807286e27b0ba467d38da00300233f24d25a791e6
SHA512: 216e22427936d7e8cfcd509852580e7fb0bdd55011809c41072229f5e4c8bc5f018491d201976f0160aff26f1ea3084e59bbdd9b0accf5cca0124597774996cb
Score: 1/10
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Event Triggered Execution (1)
  - Netsh Helper DLL (1)