General

  • Target: Stash.zip

  • Size: 7.5MB

  • Sample: 241020-yx72tszcjl

  • MD5: 5475c3215a61675a711e917ced43db39

  • SHA1: 09c08fbed9fe7522eeadd1f5c6614275552bd58c

  • SHA256: 8b8075f48a1e5a7b9a3d826815704c9d622e279167273bf96dc1dd18a6149203

  • SHA512: 72c8a78eb0e5f710d7b52ecfb4b6077bf0203d53d023ee53861eb153b89a8fded6e06af85c0ae0b2415c28902b82b9fc4fcadc32c628071a19fba6acaa17e772

  • SSDEEP: 196608:dH3BVTi87DSoZzbpJzE7irCSY9mra1sUQX+S6tDNl7o:VTz7DpZzbp2QhY9h1NpS4xS

Malware Config

Targets

    • Target: W stash/stash.exe

    • Size: 7.6MB

    • MD5: 917c1182be4726fbd238dc6f192da6b3

    • SHA1: f4085d351f67658810906ed5fa1ffeb13472e997

    • SHA256: 213620f0d464fcf5b60b17edd0d986b097c7119ff72726efe212ea704e98e591

    • SHA512: 6f5a68e4fed4aa38d0bea4657be2f614ca70b58b6ee96f7dbc64ced2207e7a25f45db47bae29d12b5b65a65fdee01b303a75cec2b37761e5ff515368708c841a

    • SSDEEP: 196608:N+V1mdS9B6ylnlPzf+JiJCsmFMvGSEp4uItVBe76:G9BRlnlPSa7mmvz5u2/f

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks