General
-
Target
Built.exe
-
Size
7.4MB
-
Sample
241020-wkylhssajc
-
MD5
089a57ec426ca21d19dcce0ac3654f58
-
SHA1
95a9deee47fcb1a39b36ebc395381b264b366b26
-
SHA256
e0e763edb855020ec6a3f959d6666fa43b90068aa9e24055607937e0ceeb27f5
-
SHA512
a5c109a2f31794f8c4d29e3f2afa089af22fe24676bdbd54e3cb4268393cfc25d30826ad625339106baade36d8163ef7323992637594ef4d1042b50e34b56b36
-
SSDEEP
196608:Y10cDPrLjv+bhqNVoBKUh8mz4Iv9PQv1DVQ:ziPPL+9qz8/b4Imv3Q
Malware Config
Targets
-
-
Target
Built.exe
-
Size
7.4MB
-
MD5
089a57ec426ca21d19dcce0ac3654f58
-
SHA1
95a9deee47fcb1a39b36ebc395381b264b366b26
-
SHA256
e0e763edb855020ec6a3f959d6666fa43b90068aa9e24055607937e0ceeb27f5
-
SHA512
a5c109a2f31794f8c4d29e3f2afa089af22fe24676bdbd54e3cb4268393cfc25d30826ad625339106baade36d8163ef7323992637594ef4d1042b50e34b56b36
-
SSDEEP
196608:Y10cDPrLjv+bhqNVoBKUh8mz4Iv9PQv1DVQ:ziPPL+9qz8/b4Imv3Q
Score10/10-
Deletes Windows Defender Definitions
Uses mpcmdrun utility to delete all AV definitions.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
�� �ƽ�.pyc
-
Size
1KB
-
MD5
e7e8834967d92ed6ed9f3118aa24ad2a
-
SHA1
ae3cc0224230a067f6f8ef1e82ac523c9d559760
-
SHA256
72e0d2175266346aa7d404202b4cd9665247f72be01061c86df53e4ba7e5a07b
-
SHA512
367b88849abc689eee6fdd0e7570ce17a36d32d19827de904cb541df2bf7a41cf6f838040a54820f032b8f7dcb8b8ddc4b22a39b55b9a4efe2ae9928fcae0467
Score1/10 -