Resubmissions

04-11-2024 01:58

241104-cd6trs1cql 10

03-11-2024 23:54

241103-3xzgxaydkp 10

General

  • Target

    isisC2.exe

  • Size

    25.0MB

  • Sample

    241103-3xzgxaydkp

  • MD5

    592184ead6250e7391b8caa9643d2bcb

  • SHA1

    903604740047138704131e9a1efe75a0738824d5

  • SHA256

    aae708ff066deab34df7a07cd0da4cd449235ccd541f5030d4c0c6cd4ca3b758

  • SHA512

    9805a5cf962a75b9f3007f84c29bc070f9653158c54621a74a9baef3ec6435831b3cd6e5b53024e6c02286804f7a2226eaf3b07df21975a552507ce307430860

  • SSDEEP

    98304:RJEtdFBCPtamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RGOuAKEM1U7:RIFIPoeN/FJMIDJf0gsAGK4RVuAKEMU7

Malware Config

Targets

    • Target

      isisC2.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks