General
-
Target
loader_protected.exe
-
Size
8.0MB
-
Sample
241027-1lnvxs1kgw
-
MD5
0d3ca96cfc1dafcaa865aa4b2b7cc3fc
-
SHA1
512f390c79c335fd06091a8d66d84666b4086f16
-
SHA256
3a71db88c62fa69586797b35b97059ed58d246282196b8d95507aab37658a48a
-
SHA512
2ae741fc92471ce44e3b196fe5d8c3ca967927d8aca1a7d0a10ef88a62f384baeabc279fe78e7ae0ed60b359586551d27b537cedeebcb6db7a4ba5bfb40331fc
-
SSDEEP
98304:vXSi8TRzyurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EwKhOh112mJV:vimurErvI9pWjgfPvzm6gsFEF4f9
Malware Config
Targets
-
-
Target
loader_protected.exe
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-