General

  • Target

    Rc7.exe

  • Size

    10.0MB

  • Sample

    241021-yqzrwavfpk

  • MD5

    a66e9741513a5e9923e60dd8fb9f0cfc

  • SHA1

    54a443cc69c20c2c97330cc85382fa7359448741

  • SHA256

    f7b8a6a3ab1744ef866a00f5179a31637db45a202178f92c5d511f391ddb3609

  • SHA512

    e0c77c97d884f2cd29c458be2b5a31007965ce1c7688fde89e22c71fc8818fdaa86c333a8fce5b2759310fc5af7d0b7bb94b782e71feb1ad72270aaa35a9b951

  • SSDEEP

    196608:RuTYS6pOshoKMuIkhVastRL5Di3uq1D7m/:IYSSOshouIkPftRL54DRy

Malware Config

Targets

    • Target

      Rc7.exe

    • Deletes Windows Defender Definitions

      Uses the mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks