General
-
Target
injectornova.exe
-
Size
7.6MB
-
Sample
241029-yex4xaydqg
-
MD5
cebf49e54d37132a17f613eee8b7a8fb
-
SHA1
597eb7b2408b85182f2b40cdb83852605bd2e841
-
SHA256
205c84f75b64218d83eda868f4118722c7f2b7f97dcbc9bf35bed2947cf9ba2b
-
SHA512
8f0d12d8cdf4a977c5a3407aa3faa26c73a5bc9a42f4ff175e8808876eaf16a2b9fec89c6c9334fcb275203c90fc3b0e10a236c8b4a3e9729d64ae48a9614eb1
-
SSDEEP
196608:Xu+YS6x0MOshoKMuIkhVastRL5Di3ue1D730I:VYSU0MOshouIkPftRL54fREI
Malware Config
Targets
-
-
Target
injectornova.exe
-
Size
7.6MB
-
MD5
cebf49e54d37132a17f613eee8b7a8fb
-
SHA1
597eb7b2408b85182f2b40cdb83852605bd2e841
-
SHA256
205c84f75b64218d83eda868f4118722c7f2b7f97dcbc9bf35bed2947cf9ba2b
-
SHA512
8f0d12d8cdf4a977c5a3407aa3faa26c73a5bc9a42f4ff175e8808876eaf16a2b9fec89c6c9334fcb275203c90fc3b0e10a236c8b4a3e9729d64ae48a9614eb1
-
SSDEEP
196608:Xu+YS6x0MOshoKMuIkhVastRL5Di3ue1D730I:VYSU0MOshouIkPftRL54fREI
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-