General

  • Target: e61c1c075750c715689f33a65ca63ba6.bin
  • Size: 7.5MB
  • Sample: 241029-b93asaznes
  • MD5: 433c7a3276ab8fcd0a67f820214e852a
  • SHA1: 9f5b7d9ed28e5cc4e4c5aa7ceaef508c200d46a8
  • SHA256: 4959ac4568cd6a6ee73044f55fddf6306a7ef824aed8b778ec98ce3c45b67116
  • SHA512: dff6db076388e4e35bc3415fe9c6bde737080c37e63ea60f440d894153e6bc5af51045e4c6e7816072e88c341873787fe15a02f6c3e03e7d7d68b258cdaa2a75
  • SSDEEP: 196608:FoxH9WQX9RdY30BPE9YeCjCcDzMeUQgppUplmUU+gbT:qhNjY3Kc2eCGcXMeUQTmbbT

Targets

    • Target: 3b72607214d2454a3fe277595c2b91070020037f1ffb2a2c69e2583da4da0bc7.exe
    • Size: 7.7MB
    • MD5: e61c1c075750c715689f33a65ca63ba6
    • SHA1: 3e5b19ed2979ec1596a877a85f6c9e532c6839a8
    • SHA256: 3b72607214d2454a3fe277595c2b91070020037f1ffb2a2c69e2583da4da0bc7
    • SHA512: e02bbaed5d269a6782ea7c283536f8b4fdd60c5483e1cf187508c1e6d43619c4a31decbf143de14f3b0f3f2e547f72197fdc81dc34eaf9fa46d69174c6f00a21
    • SSDEEP: 196608:WZ0eDeNTfm/pf+xk4dNSESRpmrbW3jmry:Vy/pWu4m5Rpmrbmyry

    • Command and Scripting Interpreter: PowerShell
      Uses a powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Enumerates processes with tasklist

    • UPX packed file
      Detects executables packed with UPX or a modified UPX open-source packer.
