General
-
Target
Himlaya.exe
-
Size
7.9MB
-
Sample
241030-svjcssvmfv
-
MD5
7bc92b7d2a17e8146cb87ad23c2a1faf
-
SHA1
d52c9191452b988e4da8fc40150d63993edb6927
-
SHA256
4117707c37c95adb3b2610a7406f3814ba37aa1ea396a1a359c3d52a33b01813
-
SHA512
77fb9b573f94ab4994cff1162b4b5191ef7090b5c0c5c73d0d6a3c0451b706c9bea6cfcc62bfc9fc590b4829749ac860e2ef002387a2c4a1f1ec73d9d86c47a0
-
SSDEEP
196608:sTHYMwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jU:dIHziK1piXLGVE4Ue0VJA
Malware Config
Targets
-
-
Target
Himlaya.exe
-
Size
7.9MB
-
MD5
7bc92b7d2a17e8146cb87ad23c2a1faf
-
SHA1
d52c9191452b988e4da8fc40150d63993edb6927
-
SHA256
4117707c37c95adb3b2610a7406f3814ba37aa1ea396a1a359c3d52a33b01813
-
SHA512
77fb9b573f94ab4994cff1162b4b5191ef7090b5c0c5c73d0d6a3c0451b706c9bea6cfcc62bfc9fc590b4829749ac860e2ef002387a2c4a1f1ec73d9d86c47a0
-
SSDEEP
196608:sTHYMwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jU:dIHziK1piXLGVE4Ue0VJA
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
��4���.pyc
-
Size
1KB
-
MD5
c0b5e73f9f7c76841c031ccecc22e3ff
-
SHA1
7be064d0a65c94d7dc52b09256fe9bb4ad607890
-
SHA256
e658010282addadec6a22e2f47285f5da8e09a3894b75135d2ca25afb0ccf7d7
-
SHA512
de565681fcbd68aefb0ae4f34c7d33e9a9a7427dacddf1b1eab55c79e48db82565077bd2806c6181081212da5ea20b9b498341d97c155cef1a9723cdfb0db053
Score1/10 -