General
-
Target
vixen2.0.exe
-
Size
8.2MB
-
Sample
241020-1mtskasamg
-
MD5
d4f9ca03abc3b60b1fa919409cc37c4b
-
SHA1
01ebaeb0b5c2935d6890aec09d95c6bbc85d39b1
-
SHA256
babd1c5d627a996f61758f3a62b9d85f06f6f99750d5196f0c6856c59c1a293b
-
SHA512
e0c8a1c9b5d4e59efc3602b3d084fd018c31f4cfd2dc2d52605c61988e7c8a44656e884ab91c7285bb5fde2a8e62c351062b1184b0cf6e3a4ec8466960d2d240
-
SSDEEP
196608:snEzULjv+bhqNVoB8Ck5c7GpNlpq41J2ySEqbk9qtl8f8j+:k9L+9qz88Ck+7q3p91Jm+dfE+
Malware Config
Targets
-
-
Target
vixen2.0.exe
-
Size
8.2MB
-
MD5
d4f9ca03abc3b60b1fa919409cc37c4b
-
SHA1
01ebaeb0b5c2935d6890aec09d95c6bbc85d39b1
-
SHA256
babd1c5d627a996f61758f3a62b9d85f06f6f99750d5196f0c6856c59c1a293b
-
SHA512
e0c8a1c9b5d4e59efc3602b3d084fd018c31f4cfd2dc2d52605c61988e7c8a44656e884ab91c7285bb5fde2a8e62c351062b1184b0cf6e3a4ec8466960d2d240
-
SSDEEP
196608:snEzULjv+bhqNVoB8Ck5c7GpNlpq41J2ySEqbk9qtl8f8j+:k9L+9qz88Ck+7q3p91Jm+dfE+
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
Oj��Go�.pyc
-
Size
1KB
-
MD5
c60b43073a43c47533ca21672a0e67a0
-
SHA1
2b922169eaffc92cf2fa5b1b88c3bf74cff3e022
-
SHA256
76c5a7d891d19a834d4c829e167c17dec91781ba0935556aa7816dc658183084
-
SHA512
2c2a6816dd10a153733e2b031af96d4b2bfec3fe54ca7707908d82b0d0958b2e7c0c9bb7abcfa423be228ab6876e9982f533a80e98f15690924c50d1927db108
Score1/10 -