General

  • Target

    AMDupeExploit.rar

  • Size

    6.7MB

  • Sample

    241026-ss2rcswgmj

  • MD5

    6a082af24d420bdcc6f63c23fb641589

  • SHA1

    4aefd2b3432f052336d2716fa5881304cbcd68a2

  • SHA256

    aa5b7367b2b86a3b6e6847a7b168d153e1267c84da8e60b7c9a92a5dfb504fe4

  • SHA512

    ab0018b9b00e57a7ec8db9d4d734cc9d4e3de2814b8ef6559acb1fb0fad540a62a179ac50d368a1a58d05653dc4499bb4c7578b8b2b9b84de5f9b22277d252c0

  • SSDEEP

    196608:T8591bzyr9dtk9k5ADOWgimO1iw9YcH3b1XjUXAH:T859JWr9PkmlWgTSmcH3BjUY

Malware Config

Targets

    • Target

      AMDupeExploit.rar

    • Size

      6.7MB

    • MD5

      6a082af24d420bdcc6f63c23fb641589

    • SHA1

      4aefd2b3432f052336d2716fa5881304cbcd68a2

    • SHA256

      aa5b7367b2b86a3b6e6847a7b168d153e1267c84da8e60b7c9a92a5dfb504fe4

    • SHA512

      ab0018b9b00e57a7ec8db9d4d734cc9d4e3de2814b8ef6559acb1fb0fad540a62a179ac50d368a1a58d05653dc4499bb4c7578b8b2b9b84de5f9b22277d252c0

    • SSDEEP

      196608:T8591bzyr9dtk9k5ADOWgimO1iw9YcH3b1XjUXAH:T859JWr9PkmlWgTSmcH3BjUY

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      AMDupeExploit.exe

    • Size

      17.0MB

    • MD5

      d67b6fd7be094652214db99a7ecb05bd

    • SHA1

      8f444caa0ca2fe7684d203692cd954bf13b53473

    • SHA256

      a290a4596cfd35a9b95561fb9a95f292b2244005046e545020735ae850c98d6e

    • SHA512

      b7a7b4baad87526a97000b1e0108985a2f332bff948c1bec6d2192d3be1de9768b171f842b255db60f7938b2e11aed55c1cf786187e23b2e78c3356454075076

    • SSDEEP

      196608:0NV1rFuB6ylnlPzf+JiJCsmFMvcn6hVv9:TBRlnlPSa7mmvc+l

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      y�lrz�B.pyc

    • Size

      1KB

    • MD5

      6205e33267a739e747b4b03bd9648bf1

    • SHA1

      85640aab805a8fb5670d063107011e7bcde1ff71

    • SHA256

      da0930d03ab8fbd6b30a8675ee29f309c4d06f14199f9d3762e715a3578f2809

    • SHA512

      14f3ebd0eea779f21ed44fe5941f4b9beab6a7c8bfe9548fa55ed7b331e556a13ce27add21c27d35591e217a3be38d7f88be8e80bfd5b973c55e9f040378006d

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks