General
-
Target
NovaGenRobux.exe
-
Size
8.2MB
-
Sample
241028-ayakystmfx
-
MD5
297e86edb932cf17b22a57efd0fde43b
-
SHA1
f3e6ce9303d44e7b478f82c662db447cc868ad8a
-
SHA256
7b19ef629c305578a400d7ad959639d0038da26b778a58fa338d5625fd031825
-
SHA512
9e6d0f81d0f4a981d30767824965dc34c78c063d00ab589b60b588cad94ad1c9ab0710380b8379949e7bd7f76e26320bcf41db6f039275f0490fc0c560e939e8
-
SSDEEP
196608:G7yRurErvI9pWjgaAnajMsbSEo2DfQC//OoBPmUb:KyRurEUWjJjIfco4jFvb
Malware Config
Targets
-
-
Target
NovaGenRobux.exe
-
Size
8.2MB
-
MD5
297e86edb932cf17b22a57efd0fde43b
-
SHA1
f3e6ce9303d44e7b478f82c662db447cc868ad8a
-
SHA256
7b19ef629c305578a400d7ad959639d0038da26b778a58fa338d5625fd031825
-
SHA512
9e6d0f81d0f4a981d30767824965dc34c78c063d00ab589b60b588cad94ad1c9ab0710380b8379949e7bd7f76e26320bcf41db6f039275f0490fc0c560e939e8
-
SSDEEP
196608:G7yRurErvI9pWjgaAnajMsbSEo2DfQC//OoBPmUb:KyRurEUWjJjIfco4jFvb
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-