General

Target: IDM 6.xx Activator or Resetter v3.3.exe
Size: 522KB
Sample: 241021-kfvhhsydpl
MD5: b2bb695b656dfb91e01967de3a8beee3
SHA1: 30ebac4eb84aa036bed8f8931b6493348b87108a
SHA256: 7822fa6c35cbd1cfb95c780970deef14d8b53c62ade3a4bcf63c494c3f2e5bbd
SHA512: 4c052ae34c2063b2d2ec8a9a877eaa4c20906d979d94305430bb00a3e7991ec7349b7a3965a0479dd48a1763bdb66e449a5be4c8d9c59abcaa3f180fedf8d269
SSDEEP: 12288:Mk5L2FqPzzhB4kLSQ4ybubjWlj+o2sjdg:M2yQPvnlS7ybubjKj+NsRg
Static task: static1

Malware Config

Targets
Target: IDM 6.xx Activator or Resetter v3.3.exe (522KB; same file, with the same MD5/SHA1/SHA256/SHA512/SSDEEP values, as listed under General)
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
MITRE ATT&CK Enterprise v15

Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)

Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (1)