General
-
Target
stash.exe
-
Size
7.6MB
-
Sample
241026-teqbvatnhs
-
MD5
917c1182be4726fbd238dc6f192da6b3
-
SHA1
f4085d351f67658810906ed5fa1ffeb13472e997
-
SHA256
213620f0d464fcf5b60b17edd0d986b097c7119ff72726efe212ea704e98e591
-
SHA512
6f5a68e4fed4aa38d0bea4657be2f614ca70b58b6ee96f7dbc64ced2207e7a25f45db47bae29d12b5b65a65fdee01b303a75cec2b37761e5ff515368708c841a
-
SSDEEP
196608:N+V1mdS9B6ylnlPzf+JiJCsmFMvGSEp4uItVBe76:G9BRlnlPSa7mmvz5u2/f
Behavioral task
behavioral1
Sample
stash.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-