General

  • Target

    lib.exe

  • Size

    6.9MB

  • Sample

    241026-2vyxxszfma

  • MD5

    271f3e8682246ce41bbc46d069563cc3

  • SHA1

    666985a96dfa3fde288ef0d4952f5aef6c288fa1

  • SHA256

    95549563d715c0fdf964b7dddda8c464494e784c20c772306b15d7d63455975a

  • SHA512

    2a23a6c6a4add342fa824447cfb7093d8658e919d259487423950d2b6d6c690b29cd30683bab631192d4de5febfe070c9786ede88d09dbd1ee69e839fed25a50

  • SSDEEP

    98304:cWzHqdVfB2FS27wSyuT/9vUIdD9C+z3zO917vOTh+ezDNh75vmJ1nmOBN9n4mUM1:cGQshbT/9bvLz3S1bA3z4n97L

Malware Config

Targets

    • Target

      lib.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the dropped components are no longer scanned.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
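
The three dynamic signatures above (Defender exclusions added from PowerShell, process enumeration with tasklist, external IP lookup) are straightforward to reproduce over the process and network events a sandbox records. The Python below is an added example and is not code from the sandbox or from this report: the events, file paths, PIDs, the lookup host and the list of public IP-lookup services are constructed assumptions, and the ATT&CK IDs in the comments are the standard mappings for these behaviours.

```python
import re
from dataclasses import dataclass

# Constructed sandbox-style events for illustration; they are NOT taken from the
# report above.  Paths, PIDs, command lines and the lookup host are assumptions.
EVENTS = [
    {"type": "process", "pid": 1204, "image": r"C:\Users\user\lib.exe",
     "cmdline": r"C:\Users\user\lib.exe"},
    {"type": "process", "pid": 1310,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": ("powershell -NoProfile -Command \"Add-MpPreference "
                 "-ExclusionPath 'C:\\Users\\user\\AppData\\Roaming' "
                 "-ExclusionExtension exe,dll -ExclusionProcess lib.exe\"")},
    {"type": "process", "pid": 1322, "image": r"C:\Windows\System32\tasklist.exe",
     "cmdline": "tasklist /FO CSV"},
    {"type": "network", "pid": 1204, "host": "api.ipify.org",
     "url": "https://api.ipify.org/?format=json"},
    {"type": "process", "pid": 1400, "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe readme.txt"},
]

# Well-known public "what is my IP" services (assumed list; extend as needed).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipify.org", "ip-api.com", "icanhazip.com", "ifconfig.me",
    "checkip.amazonaws.com", "ipinfo.io", "checkip.dyndns.org",
}

MPPREF_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# One -Exclusion{Path,Extension,Process} argument and its value: quoted, or bare
# up to the next whitespace (bare values may be comma-separated lists).
EXCL_ARG_RE = re.compile(
    r"-Exclusion(Path|Extension|Process)\s+((?:'[^']*'|\"[^\"]*\"|[^\s'\"])+)",
    re.IGNORECASE)


@dataclass
class Hit:
    signature: str
    pid: int
    detail: str


def _split_values(raw):
    """Split 'a','b' / a,b style PowerShell argument lists, dropping quotes."""
    return [p.strip("'\"") for p in re.findall(r"'[^']*'|\"[^\"]*\"|[^,]+", raw)]


def match_signatures(events):
    """Run the behaviour signatures over sandbox events and return the hits."""
    hits = []
    for ev in events:
        if ev["type"] == "process":
            image = ev["image"].lower()
            cmd = ev["cmdline"]
            # Defender exclusions added from PowerShell (T1562.001 via T1059.001)
            if image.endswith("powershell.exe") and MPPREF_RE.search(cmd):
                for kind, raw in EXCL_ARG_RE.findall(cmd):
                    for value in _split_values(raw):
                        hits.append(Hit("defender_exclusion_" + kind.lower(),
                                        ev["pid"], value))
            # Process discovery via tasklist (T1057)
            if image.endswith("tasklist.exe"):
                hits.append(Hit("process_enum_tasklist", ev["pid"], cmd))
        elif ev["type"] == "network":
            # External IP discovery through a public lookup service (T1016)
            if ev["host"].lower() in IP_LOOKUP_HOSTS:
                hits.append(Hit("external_ip_lookup", ev["pid"], ev["host"]))
    return hits


def defender_exclusions(hits):
    """Group exclusion values by kind: {'path': [...], 'extension': [...], ...}."""
    out = {}
    for h in hits:
        if h.signature.startswith("defender_exclusion_"):
            out.setdefault(h.signature.split("_", 2)[2], []).append(h.detail)
    return out


if __name__ == "__main__":
    for h in match_signatures(EVENTS):
        print(f"{h.signature:28} pid={h.pid:<5} {h.detail}")
```

The exclusion values are worth extracting rather than just flagging the command: the excluded path tells you where the payload is staged, and the excluded process name is a direct pivot for hunting on other hosts. Real samples frequently hide the cmdlet behind encoded commands or aliases, so in production the same regexes should be run over decoded script-block logs (Event ID 4104) as well as the raw command line.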

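The UPX signature, unlike the ones above, is a static check on the file. The Python below is an added example, not the sandbox's own detector: it parses the PE section table and flags the stock UPX section names and the "UPX!" header marker, and adds a layout heuristic (an executable first section with a large virtual size and no raw data) that survives the renaming a modified UPX typically performs. The PE images it checks are constructed in memory and are not derived from lib.exe; their section tables and characteristics flags are assumptions chosen to mimic the three cases.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def section_headers(data):
    """Parse the PE section table; raises ValueError if this is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt          # after signature + file header + optional header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = \
            struct.unpack_from(SECTION_HDR, data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize,
                         "rawptr": rawptr, "chars": chars})
    return sections


def detect_upx(data):
    """Return the list of reasons the file looks UPX-packed (empty if none)."""
    sections = section_headers(data)
    reasons = []
    upx_names = [s["name"] for s in sections if s["name"].upper().startswith("UPX")]
    if upx_names:
        reasons.append("UPX section names: " + ", ".join(upx_names))
    # Stock UPX leaves a "UPX!" marker in the header area, before any section data.
    first_raw = min((s["rawptr"] for s in sections if s["rawsize"]), default=len(data))
    if b"UPX!" in data[:first_raw]:
        reasons.append("UPX! marker in header")
    # A modified UPX usually renames sections and scrubs the marker, but the
    # layout survives: the first section is the unpack destination, executable,
    # with a large virtual size and no raw data at all (heuristic, not proof).
    if sections:
        first = sections[0]
        if (first["rawsize"] == 0 and first["vsize"] >= 0x1000
                and first["chars"] & IMAGE_SCN_MEM_EXECUTE):
            reasons.append("first section is executable with no raw data "
                           f"but 0x{first['vsize']:X} bytes virtual size")
    return reasons


def build_fake_pe(sections, marker=False):
    """Build a minimal, non-runnable PE32 image with the given section table.
    sections: (name, virtual_size, raw_size, characteristics).  Constructed for
    this example only; the layout is as faithful as the detector needs."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    size_opt = 0xE0                          # PE32 optional header size
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x102)
    opt_hdr = struct.pack("<H", 0x10B).ljust(size_opt, b"\0")
    table, vaddr, rawptr = b"", 0x1000, 0x400
    for name, vsize, rawsize, chars in sections:
        table += struct.pack(SECTION_HDR, name, vsize, vaddr, rawsize,
                             rawptr if rawsize else 0, 0, 0, 0, 0, chars)
        vaddr += (vsize + 0xFFF) & ~0xFFF
        rawptr += rawsize
    image = dos + b"PE\0\0" + file_hdr + opt_hdr + table
    if marker:
        image += b"UPX!"                     # real UPX follows this with version bytes
    image = image.ljust(0x400, b"\0")
    return image + b"\0" * sum(s[2] for s in sections)


# Constructed section tables (not derived from lib.exe): stock UPX, a renamed
# "modified UPX" layout, and a normally linked executable.
FAKE_UPX = build_fake_pe([(b"UPX0", 0x30000, 0, 0xE0000080),
                          (b"UPX1", 0x8000, 0x8000, 0xE0000040),
                          (b".rsrc", 0x200, 0x200, 0xC0000040)], marker=True)
FAKE_RENAMED = build_fake_pe([(b".text", 0x30000, 0, 0xE0000080),
                              (b".data", 0x8000, 0x8000, 0xE0000040),
                              (b".rsrc", 0x200, 0x200, 0xC0000040)])
FAKE_CLEAN = build_fake_pe([(b".text", 0x2000, 0x2000, 0x60000020),
                            (b".data", 0x400, 0x400, 0xC0000040),
                            (b".rsrc", 0x200, 0x200, 0x40000040)])

if __name__ == "__main__":
    for label, blob in (("upx", FAKE_UPX), ("renamed", FAKE_RENAMED), ("clean", FAKE_CLEAN)):
        print(label, detect_upx(blob) or "no UPX indicators")
```

To run this against the real sample, pass the file's bytes to detect_upx(). Note that a hit on the layout heuristic alone is a prompt to unpack and look further, not an identification of UPX: other packers and some self-extracting stubs use the same empty-first-section arrangement.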
MITRE ATT&CK Enterprise v15

Tasks