General

  • Target

    Fixer.exe

  • Size

    8.3MB

  • Sample

    241104-h3k69axapf

  • MD5

    7987b5d73f21ec9986a2218755319a9d

  • SHA1

    906ef95d3e5f84586ae5536e57fd2201b16ea081

  • SHA256

    dca94ef6bd0c8b234268eae00a0711399e44e16eecdfdacaa9cbe9e91150024b

  • SHA512

    364a5160405d168df68b3782aba2f8ca028274884159d4cfdcd78c2e7db68cbc3366a0d92f5465cd0bcd8a0507e1bfa2587140652f913c07ee7f41f572153c8b

  • SSDEEP

    196608:UTuY+wfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/j+:0IHziK1piXLGVE4UrS0VJy

Targets

    • Target

      Fixer.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to change Windows Defender settings, adding exclusions for file extensions, paths and processes (the Add-MpPreference cmdlet with -ExclusionExtension, -ExclusionPath and -ExclusionProcess). Exclusions added this way persist after the sample exits, so check Get-MpPreference on any affected host and remove them.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Contacts a legitimate public IP-lookup web service to learn the infected host's external IP address. The request itself is indistinguishable from benign use of the same service, so the destination host, and the fact that it is reached from this process, is the useful indicator.

    • Enumerates processes with tasklist

      Runs tasklist to list the running processes on the host.

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer. Unpack it before static analysis; a modified build may defeat a stock `upx -d`, in which case the sample must be dumped from memory after it unpacks itself.
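
The behaviours listed above are the ones a responder would want to detect in endpoint telemetry. The Python script below is an added example, not part of the sandbox report, that runs those checks over a handful of constructed process-creation events (parent image, child image, command line) and over a constructed PE header fragment, tagging each hit with an ATT&CK technique. The report names only the ATT&CK version, so the technique IDs are my mapping; the IP-lookup host list, the PowerShell evasion-flag heuristic and the sample events are assumptions, not data from this sample.

```python
"""Triage helpers for the behaviours flagged in the report (added example)."""
import re

# Constructed process-creation events (parent image, child image, command line).
# Illustrative only; they are not records from the sandbox run.
SAMPLE_EVENTS = [
    ("Fixer.exe", "powershell.exe",
     "powershell.exe -WindowStyle Hidden -Command \"Add-MpPreference "
     "-ExclusionPath 'C:\\Users\\Public' -ExclusionExtension 'exe' "
     "-ExclusionProcess 'Fixer.exe'\""),
    ("Fixer.exe", "cmd.exe", "cmd.exe /c tasklist /v"),
    ("Fixer.exe", "curl.exe", "curl.exe https://api.ipify.org"),
    ("explorer.exe", "powershell.exe",
     "powershell.exe -Command \"Get-Process | Sort-Object CPU\""),
]

# Defender exclusion tampering: Add-/Set-MpPreference with any -Exclusion* parameter.
DEFENDER_EXCLUSION = re.compile(
    r"(?i)\b(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Extension|Process)")
# PowerShell launched with flags typical of scripted, non-interactive abuse (heuristic).
POWERSHELL_EVASION = re.compile(
    r"(?i)-(?:WindowStyle\s+Hidden|EncodedCommand|ExecutionPolicy\s+Bypass)")
# Process enumeration via tasklist.
PROCESS_ENUM = re.compile(r"(?i)\btasklist(?:\.exe)?\b")
# Assumed list of well-known external-IP lookup services; the report does not
# name the one this sample used.
IP_LOOKUP_HOSTS = ("api.ipify.org", "ifconfig.me", "icanhazip.com",
                   "checkip.amazonaws.com")


def triage_event(parent, image, cmdline):
    """Return a list of (technique_id, reason) findings for one process-creation event."""
    findings = []
    if image.lower() == "powershell.exe" and POWERSHELL_EVASION.search(cmdline):
        findings.append(("T1059.001", "PowerShell with evasion flags, parent " + parent))
    if DEFENDER_EXCLUSION.search(cmdline):
        findings.append(("T1562.001", "Defender exclusion added via MpPreference"))
    if PROCESS_ENUM.search(cmdline):
        findings.append(("T1057", "process enumeration with tasklist"))
    if any(host in cmdline.lower() for host in IP_LOOKUP_HOSTS):
        findings.append(("T1016", "external IP lookup via web service"))
    return findings


def triage_events(events):
    """Run triage_event over a batch; returns only events that produced findings."""
    return [(ev, triage_event(*ev)) for ev in events if triage_event(*ev)]


# Stock UPX names its sections UPX0/UPX1 and writes a "UPX!" marker into the file.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")


def looks_upx_packed(pe_bytes):
    """Cheap UPX heuristic. A modified packer may rename the sections and strip the
    marker, so a miss does not prove the file is unpacked; a hit is strong evidence."""
    if not pe_bytes.startswith(b"MZ"):
        return False
    return any(marker in pe_bytes for marker in UPX_MARKERS)


# Constructed stand-ins for a PE header region: an MZ stub followed by section names.
SAMPLE_PACKED_HEADER = (b"MZ" + b"\x00" * 62 + b"PE\x00\x00"
                        + b"UPX0" + b"\x00" * 4 + b"UPX1" + b"\x00" * 4)
SAMPLE_PLAIN_HEADER = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b".text" + b"\x00" * 3


if __name__ == "__main__":
    for (parent, image, cmdline), findings in triage_events(SAMPLE_EVENTS):
        print(f"{parent} -> {image}")
        for technique, reason in findings:
            print(f"  {technique}: {reason}")
    print("packed header UPX:", looks_upx_packed(SAMPLE_PACKED_HEADER))
    print("plain header UPX: ", looks_upx_packed(SAMPLE_PLAIN_HEADER))
```

Feed real Sysmon Event ID 1 or Security 4688 records into triage_event by mapping ParentImage, Image and CommandLine onto the three arguments; the PowerShell check deliberately stays quiet for an interactive console without evasion flags so that ordinary administration does not page anyone.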

MITRE ATT&CK Enterprise v15
