Resubmissions
02-11-2024 12:57 241102-p67mzsvcmd 10
31-10-2024 15:38 241031-s29tbsyphx 10
31-10-2024 13:48 241031-q4h3aazdlq 10
31-10-2024 13:47 241031-q3j8ys1kdk 10
31-10-2024 10:59 241031-m3lj8syjer 10
31-10-2024 00:37 241031-aylyzsvgqp 10
30-10-2024 19:53 241030-yl61dsypes 10
30-10-2024 18:01 241030-wmbvjayemh 10
30-10-2024 16:59 241030-vhha3sxgkb 10
General
-
Target
tz.crack.exe
-
Size
7.5MB
-
Sample
241030-tkp82awjcs
-
MD5
7a4e48717291c245f2b52d2187dca1a9
-
SHA1
6cd9fcf2b398f0c067d77758840f734d09b7448c
-
SHA256
d80cc1ce14da80e15b980438c673a1baf2beca2634eea4bb777b810474de83fd
-
SHA512
7fd9d6e3d17d2658ebe681e777373e301049b7bd4633fb6ce573e6b3fbe2871a7accef731b0b5db92abc4a10dfcc1fb020f30e467601ce0be5230bec9d5f4b90
-
SSDEEP
196608:wGgFZwfI9jUC2gYBYv3vbW5+iITm1U6fe:CFmIH2gYBgDW4TOzW
Malware Config
Targets
-
-
Target
tz.crack.exe
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-