General
Target: SecureDeviceRepairManagement.exe
Size: 8.2MB
Sample: 241026-plx8tavgkq
MD5: 1568d3bd23f5a280760b8479d7de48a8
SHA1: c3832bb83eac4e41b9adf62c2a4445a1325e8856
SHA256: a7f33ade38f43e313c9ff45ec5689544a57dc88d60e0055961fa71aa10ee932b
SHA512: f244266b3f9f19c9ea0ef9e048461106cea842c025cf2bef6dd312311d5971aef48f959b7692d1112fddb83b06515835d116f48277b9e6a848aa0ea9cd499a54
SSDEEP: 196608:QBQXwVx8urErvI9pWjgN3ZdahF0pbH1AYSEp7WtQsNo/03vC19:yVx8urEUWjqeWxQ96rYY9
Malware Config
Extracted: https:
Targets
Target: SecureDeviceRepairManagement.exe
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist