General

  • Target

    legitwareloader.zip

  • Size

    6.7MB

  • Sample

    241021-fdqdkaygkf

  • MD5

    6aa57779222dae3d5f7ba5390ae3decf

  • SHA1

    68ab7f3f628903643f8e8c51d3f564528e877129

  • SHA256

    bc62a9ab052e0895e87288dbd8332b1ff6e556d180ba2fdf7e437c053077f7b2

  • SHA512

    11a7b44c5efdece936d9cb67606029673efdf223db91907704a45720a4044f46d11d1c05aa9eb33b82a7fafdb53b172231f693429276c05c487d06fc3a92fdc0

  • SSDEEP

    196608:KZfJ+5CaE4e4dDXIud73NDChTWM2esxmiwFHX:m+Y74e4dDYuF9KtvSPwFHX

Malware Config

Targets

    • Target

      legitwareloader/legitware/legitwareloader.exe

    • Size

      9.0MB

    • MD5

      57d2bd9e3c05063c8bfd7258acd08675

    • SHA1

      2ea7bad1cf34c8e9d9eb6d1b646d487fe60c70f0

    • SHA256

      825e6f22b79530f2185528db6fbb56fecd2c82148186cbd15481f09a86bbfcd9

    • SHA512

      e434573785d2ac57891dd72ee1244268b079fea31aa699e4b4351d6b7a72d76528bdbf76cf9d655f414f8673b5474e102775eee0ee2a83a7d25daa8d1dc7ddc0

    • SSDEEP

      98304:2fCkwN+MdA5wqSnWN6t8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DovaDJ1n6hT:2KV1vQB6ylnlPzf+JiJCsmFMvln6hqgj

    • Deletes Windows Defender Definitions

      Uses the MpCmdRun utility to delete all Windows Defender definitions (the documented switch for this is MpCmdRun.exe -RemoveDefinitions -All), leaving the host without signature-based detection.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes (the -Exclusion* parameters of Add-MpPreference / Set-MpPreference) so that the dropped components are never scanned.

    • Loads dropped DLL

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
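
The two Defender-tampering signatures above (definition removal through MpCmdRun and exclusions through PowerShell), together with the tasklist enumeration, are the behaviours a detection engineer would want to catch on endpoint telemetry. The following is an added example, not part of this report and not the sample's own code: detection logic run over constructed Sysmon Event ID 1-style process-creation records (image path plus command line). Because the report does not show how the PowerShell command was launched, the example also decodes -EncodedCommand payloads before matching, since an encoded launch would otherwise slip past a plain substring rule. The rule names, severities and all sample command lines are assumptions made for the example.

```python
"""Detection logic for the Defender-tampering behaviours listed in this report,
run over constructed process-creation records (Sysmon Event ID 1 style).
Added example: every record below is constructed, not taken from the sandbox run."""
import base64
import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str       # hypothetical rule name chosen for this example
    severity: str
    image: str
    evidence: str


POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}

# PowerShell accepts -ec and any unambiguous prefix of -EncodedCommand (-e, -enc, ...);
# the payload is base64 of UTF-16LE text, so substring rules miss it unless decoded.
_ENC_FLAGS = ["-ec"] + ["-encodedcommand"[:n] for n in range(2, 16)]
_ENC_RE = re.compile(
    r"(?i)(?:^|\s)(?:" + "|".join(re.escape(f) for f in _ENC_FLAGS) + r")\s+([A-Za-z0-9+/=]+)"
)

# Constructed sample telemetry (assumed paths and command lines, not observed data).
_HIDDEN_COMMAND = "Add-MpPreference -ExclusionPath 'C:\\Users\\Public'"
ENCODED_PAYLOAD = base64.b64encode(_HIDDEN_COMMAND.encode("utf-16le")).decode("ascii")
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
MPCMDRUN = r"C:\Program Files\Windows Defender\MpCmdRun.exe"

SAMPLE_EVENTS = [
    {"image": MPCMDRUN, "cmdline": f'"{MPCMDRUN}" -RemoveDefinitions -All'},
    {"image": PS, "cmdline": 'powershell -NoProfile -Command "Add-MpPreference '
                             '-ExclusionExtension exe,dll -ExclusionPath C:\\Users\\Public '
                             '-ExclusionProcess legitwareloader.exe"'},
    {"image": PS, "cmdline": f"powershell.exe -NoP -W Hidden -enc {ENCODED_PAYLOAD}"},
    {"image": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist /fo csv"},
    {"image": PS, "cmdline": "powershell Get-MpPreference"},           # benign: read-only
    {"image": MPCMDRUN, "cmdline": f'"{MPCMDRUN}" -SignatureUpdate'},  # benign: updates definitions
]


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> str:
    """Append the decoded -EncodedCommand payload (if any) so the rules can match on it."""
    m = _ENC_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # not a real payload; leave the command line untouched
    return f"{cmdline} [decoded: {decoded}]"


def scan(events):
    """Apply the three behaviour rules to a list of {"image", "cmdline"} records."""
    findings = []
    for ev in events:
        image = _basename(ev["image"])
        cmd = decode_encoded_command(ev["cmdline"]) if image in POWERSHELL_IMAGES else ev["cmdline"]

        # Behaviour 1: MpCmdRun.exe -RemoveDefinitions wipes definitions. -All removes
        # everything, -DynamicSignatures only cloud-delivered ones, so record the scope.
        if image == "mpcmdrun.exe" and re.search(r"(?i)-removedefinitions\b", cmd):
            scope = "all" if re.search(r"(?i)-all\b", cmd) else "partial"
            findings.append(Finding("defender_definitions_removed", "high", ev["image"],
                                    f"-RemoveDefinitions scope={scope}"))

        # Behaviour 2: Add-/Set-MpPreference with any -Exclusion* parameter carves
        # paths, extensions, processes or IPs out of scanning.
        if image in POWERSHELL_IMAGES and re.search(r"(?i)\b(Add|Set)-MpPreference\b", cmd):
            params = re.findall(r"(?i)-Exclusion(?:Path|Extension|Process|IpAddress)\b", cmd)
            if params:
                findings.append(Finding("defender_exclusion_added", "high", ev["image"],
                                        " ".join(sorted(set(params)))))

        # Behaviour 3: process discovery. Low on its own, useful as context with the others.
        if image == "tasklist.exe":
            findings.append(Finding("process_discovery_tasklist", "low", ev["image"], cmd))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.rule}: {f.image} ({f.evidence})")
```

On a live host the same two behaviours also surface in the Microsoft-Windows-Windows Defender/Operational log, where Event ID 5007 records a platform configuration change (including new exclusions); correlating that event with the PowerShell process-creation record above gives a far stronger signal than either alone.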

MITRE ATT&CK Enterprise v15

Tasks