General

  • Target

    Bypass.exe

  • Size

    10.0MB

  • Sample

    241025-zz1k7svcrf

  • MD5

    9969bb15f30f5dcc019ee34135af5b7a

  • SHA1

    8aaaafdc249f6c2a41c295e537517e6556d22533

  • SHA256

    d5786c70ef2cc88c90135a540d233829fa51e1f402e08f122bcae4c7718c4903

  • SHA512

    302a995fc091a2946e1a0eb6c984e9f204a74fbf6e91993aa8f45e78a534ee3d8d7505613018b73fb6a797ea99a7e732977399855ffca5c9017d2498132f160a

  • SSDEEP

    98304:f+Si8x9XQsVurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4E8KhOC1127:f5P9VVurErvI9pWjgfPvzm6gsFEB4AuP

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks