General
Target: .scr
Size: 10.0MB
Sample: 241101-r57mpstjhq
MD5: cf403e9f0390413606a5b715e75acc47
SHA1: 11263ff29042cf25fe892391887de9c23de23c33
SHA256: 66a4ecaa340081d69ddff222ac360e9c36cef5e63a135b2763fb597a6bc1f97f
SHA512: 295ad9bdffe3c65920729861bfb2646600b3cf5e5c4ae2aa1e3f9872847cc1a297f2bd0f96706fd332baab6db33bb4d635ef7aedea744d19a4c44831d1080a64
SSDEEP: 196608:XyOHYywfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jo:CfIHziK1piXLGVE4Ue0VJk
Behavioral task: behavioral1
Sample: .scr
Resource: win10v2004-20241007-en
Behavioral task: behavioral2
Sample: �@ǽ��.pyc
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: .scr
Size: 10.0MB

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Enumerates processes with tasklist

Target: �@ǽ��.pyc
Size: 1KB
MD5: f2962a5af5b5d7015634252b3b5884d4
SHA1: 8983480c009d72f93558a3b51380ee6d9d621394
SHA256: ff3f3f0fd8edf2a13a559af53692d3b445f413a8b05262203e5f2e69e8781fa7
SHA512: 4e8bc8a5a8748748beec6b9e0fb78fd2cc4d1c0512ee75c4e9b0c693361264eb925539210bd92d1a1ebd8b0ca2bc1c827df96bd7c2fe78a0c00e668c64fa0fae
Score: 1/10