General

  • Target

    Bl7otSd.rar

  • Size

    7.5MB

  • Sample

    241020-y3hn5ayanf

  • MD5

    d3e7984af95ae205f0a607ca768e695c

  • SHA1

    09932dd2147e71c04326804b91f5259814116446

  • SHA256

    b84df8faea2a3ff1270f1e808151ba0e25a97d7cfabb6ef9d2536d7add38e463

  • SHA512

    3d446b1e597f60a6b74336e5c50a0fdbcd9b75be16d3c335ef1a7e82d23b0b733b574d080114ad4cf7f4a57ebfa7bc70340994fc939f1004ea294ec5266e1795

  • SSDEEP

    196608:Lg4HmyQb2evjP2yfE7IDS4xKR1LhNzBf+XZn0fX:5HGv2MDfKDh6XZniX

Malware Config

Targets

    • Target

      stash.exe

    • Size

      7.6MB

    • MD5

      917c1182be4726fbd238dc6f192da6b3

    • SHA1

      f4085d351f67658810906ed5fa1ffeb13472e997

    • SHA256

      213620f0d464fcf5b60b17edd0d986b097c7119ff72726efe212ea704e98e591

    • SHA512

      6f5a68e4fed4aa38d0bea4657be2f614ca70b58b6ee96f7dbc64ced2207e7a25f45db47bae29d12b5b65a65fdee01b303a75cec2b37761e5ff515368708c841a

    • SSDEEP

      196608:N+V1mdS9B6ylnlPzf+JiJCsmFMvGSEp4uItVBe76:G9BRlnlPSa7mmvz5u2/f

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks