General
- Target: text.txt
- Size: 103B
- Sample: 241103-pnqazsxjan
- MD5: 181acbc86809adb53c626c41f110232b
- SHA1: fc964fbf9653e17776b0772810f13667f1d08ca2
- SHA256: 6d4a4d03e1313c9934ba3223e408ba1c18d4e00efc4205e229e10468b5b6d327
- SHA512: 6c5c9daa0c022b9de83ff49058d531ff3904f974253a435a3be35b9c307f2f2b9f4894818065cf700ad169ab836cafc66f8bb385bd7d9dd0c6eddb526e2ef018
Static task: static1
Behavioral task: behavioral1
- Sample: text.txt
- Resource: win10ltsc2021-20241023-en
Malware Config
Targets
- Target: text.txt (103B; same hashes as listed under General)
- Score: 10/10
- Indicator Removal: Network Share Connection Removal
  Adversaries may remove share connections that are no longer useful in order to clean up traces of their operation.
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15 (technique name followed by number of matching signatures)
Defense Evasion
- Impair Defenses: 1
- Indicator Removal: 1
  - Network Share Connection Removal: 1
- Modify Registry: 2
Discovery
- Browser Information Discovery: 1
- Peripheral Device Discovery: 2
- Process Discovery: 1
- Query Registry: 4
- System Information Discovery: 4
- System Location Discovery: 1
  - System Language Discovery: 1
- System Network Configuration Discovery: 1
  - Internet Connection Discovery: 1