General

  • Target

    ‎.exe

  • Size

    7.5MB

  • Sample

    241105-l1995syglc

  • MD5

    06bd8bcabbfb6fcaf0858e2a6ccec861

  • SHA1

    c5c5ea158b9823f3ccb799386356d35713107d37

  • SHA256

    891e045d6b5f4ad1be2551fd0e1f34d4c65601a5acf6a07a5bd1022a8a9cbe0e

  • SHA512

    0ee9146c83355396550d75974a7d85b58904969ce25052ab01971637e18e57e9f859116ab774e191fafad7282cd357666b22b696940148f261be934e84139e03

  • SSDEEP

    98304:4wDjWM8JE+s1FpfamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfiJs7eRpYRJJcGY:/0vreNTfm/pf+xk4dKWSRpmrbW3jmrM

Malware Config

Targets

    • Target

      ‎.exe

    • Size

      7.5MB

    • MD5

      06bd8bcabbfb6fcaf0858e2a6ccec861

    • SHA1

      c5c5ea158b9823f3ccb799386356d35713107d37

    • SHA256

      891e045d6b5f4ad1be2551fd0e1f34d4c65601a5acf6a07a5bd1022a8a9cbe0e

    • SHA512

      0ee9146c83355396550d75974a7d85b58904969ce25052ab01971637e18e57e9f859116ab774e191fafad7282cd357666b22b696940148f261be934e84139e03

    • SSDEEP

      98304:4wDjWM8JE+s1FpfamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfiJs7eRpYRJJcGY:/0vreNTfm/pf+xk4dKWSRpmrbW3jmrM

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that subsequent payloads are not scanned.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or with a modified UPX build (section names and magic may be altered in the latter).
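
The three behavioural signatures above (PowerShell-driven Defender exclusions, process enumeration with tasklist, and the external IP lookup) are what a detection engineer would want to match in PowerShell script-block logging (Event ID 4104) and process-creation telemetry (Sysmon Event ID 1 / Security 4688). The following Python is an added example and is not part of the sandbox report or the sample: the log lines are constructed, the list of IP-lookup hosts is an assumption because the report does not name the service the sample contacted, and the ATT&CK technique IDs are my own mapping of the signatures (the report's MITRE ATT&CK section is empty on this page).

```python
import re
from dataclasses import dataclass

# Constructed sample telemetry (not taken from the sandbox report): one PowerShell
# script-block line of the kind Event ID 4104 records, plus process-creation command
# lines of the kind Sysmon Event ID 1 / Security 4688 record.
SAMPLE_EVENTS = [
    {"source": "PowerShell/4104",
     "text": "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' "
             "-ExclusionExtension '.exe' -ExclusionProcess 'svc.exe'"},
    {"source": "Sysmon/1", "text": "tasklist /v"},
    {"source": "Sysmon/1", "text": "curl.exe https://api.ipify.org"},
    {"source": "Sysmon/1", "text": "notepad.exe C:\\Users\\alice\\notes.txt"},  # benign control
]

# Assumption: the report does not say which lookup service the sample used, so this is a
# generic starting list of legitimate public-IP services that malware commonly abuses.
IP_LOOKUP_HOSTS = ("api.ipify.org", "ifconfig.me", "icanhazip.com",
                   "ipinfo.io", "checkip.amazonaws.com")

# Add-MpPreference / Set-MpPreference are the Defender cmdlets that take -Exclusion* parameters.
MPPREF_RE = re.compile(r"\b(Add|Set)-MpPreference\b", re.I)
EXCLUSION_KIND_RE = re.compile(r"-Exclusion(Path|Extension|Process|IpAddress)\b", re.I)
# tasklist or tasklist.exe as a command token, not as part of another word.
TASKLIST_RE = re.compile(r"(?:^|[\\\s\"'])tasklist(?:\.exe)?\b", re.I)


@dataclass(frozen=True)
class Finding:
    technique: str   # ATT&CK technique ID (my mapping, not the report's)
    name: str
    evidence: str


def ip_lookup_host(text):
    """Return the first known IP-lookup host mentioned in text, matched as a whole host."""
    for host in IP_LOOKUP_HOSTS:
        if re.search(r"(?<![\w.-])" + re.escape(host) + r"(?![\w-])", text, re.I):
            return host
    return None


def classify(event):
    """Map one telemetry record to zero or more findings."""
    text = event["text"]
    findings = []
    if MPPREF_RE.search(text):
        kinds = sorted({k.lower() for k in EXCLUSION_KIND_RE.findall(text)})
        if kinds:  # only flag when an exclusion is actually being added, not any Defender tweak
            findings.append(Finding("T1562.001", "Defender exclusions added via PowerShell",
                                    "exclusions: " + ",".join(kinds)))
    if TASKLIST_RE.search(text):
        findings.append(Finding("T1057", "Process enumeration with tasklist", text))
    host = ip_lookup_host(text)
    if host:
        findings.append(Finding("T1016", "External IP lookup via web service", host))
    return findings


def scan(events):
    """Run every record through classify and keep the source it came from."""
    return [(e["source"], f) for e in events for f in classify(e)]


def techniques(events):
    """Distinct technique IDs observed across the event set, sorted."""
    return sorted({f.technique for _, f in scan(events)})


if __name__ == "__main__":
    for source, finding in scan(SAMPLE_EVENTS):
        print(f"{source:16} {finding.technique:10} {finding.name}: {finding.evidence}")
    print("techniques:", ", ".join(techniques(SAMPLE_EVENTS)))
```

In production the same three checks would be run over real 4104 script-block text and 4688/Sysmon command lines; the benign `notepad.exe` record is there to show that nothing fires on ordinary activity. Note that exclusion additions are also visible in the Windows Defender operational log (Event ID 5007, configuration change), which catches the same modification when script-block logging is not enabled.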

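The UPX signature fires on packer artefacts in the PE image itself. The following Python is an added example, not the sandbox's detector and not derived from this sample: it parses the PE section table, looks for the UPX section names and the "UPX!" magic string, and falls back to a layout-plus-entropy heuristic for a modified UPX build whose section names have been renamed. The PE images it inspects are minimal, constructed in memory by build_fake_pe (a helper assumed for the demo) and are not loadable binaries; to check the real sample, pass the bytes of the file to upx_indicators instead.

```python
import hashlib
import math
import struct
from collections import Counter


def _pseudo_random(n, seed=b"upx-demo"):
    """Deterministic high-entropy bytes standing in for compressed data (constructed)."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_fake_pe(sections):
    """Build a minimal PE32 image (MZ header, PE signature, COFF header, zeroed optional
    header, section table, raw section data). Demo helper only; the result is not runnable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew -> PE signature offset
    opt = b"\x0b\x01" + bytes(222)                          # 0x10B = PE32 magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    raw_off = 64 + 4 + len(coff) + len(opt) + 40 * len(sections)
    table, blobs, va = b"", b"", 0x1000
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, va,
                             len(raw), raw_off if raw else 0, 0, 0, 0, 0, 0xE0000040)
        raw_off += len(raw)
        blobs += raw
        va += max(vsize, 0x1000)
    return bytes(dos) + b"PE\0\0" + coff + opt + table + blobs


def shannon_entropy(buf):
    """Bits per byte; 8.0 is the maximum, packed/encrypted data sits close to it."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_sections(data):
    """Walk the PE section table and return name, sizes and raw-data entropy per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # COFF SizeOfOptionalHeader
    off = e_lfanew + 4 + 20 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, _va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off + 40 * i)
        raw = data[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "rawsize": rawsize, "entropy": shannon_entropy(raw)})
    return sections


UPX_NAMES = {"UPX0", "UPX1", "UPX2", "UPX!"}


def upx_indicators(data):
    """Return a list of human-readable UPX indicators found in a PE image (empty if none)."""
    secs = parse_sections(data)
    hits = []
    named = {s["name"] for s in secs} & UPX_NAMES
    if named:
        hits.append("section names " + ",".join(sorted(named)))
    if b"UPX!" in data:                      # stock UPX stores its "UPX!" magic in the image
        hits.append("UPX! magic string")
    # Layout heuristic that survives renamed sections: UPX leaves the first section with no
    # raw data (it is unpacked into it at run time) and fills the second with compressed data.
    if (len(secs) >= 2 and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0
            and secs[1]["entropy"] > 7.0):
        hits.append(f"first section has no raw data while second section entropy is "
                    f"{secs[1]['entropy']:.2f} bits/byte")
    return hits


# Constructed layouts: stock UPX, a "modified UPX" with renamed sections, and a clean file.
PACKED_LAYOUT = [("UPX0", 0x20000, b""), ("UPX1", 0x8000, _pseudo_random(4096) + b"UPX!"),
                 (".rsrc", 0x1000, b"\0" * 512)]
RENAMED_LAYOUT = [(".text", 0x20000, b""), (".data", 0x8000, _pseudo_random(4096, b"renamed")),
                  (".rsrc", 0x1000, b"\0" * 512)]
CLEAN_LAYOUT = [(".text", 0x1000, b"\x55\x8b\xec" * 1000)]

if __name__ == "__main__":
    for label, layout in (("packed", PACKED_LAYOUT), ("renamed", RENAMED_LAYOUT), ("clean", CLEAN_LAYOUT)):
        print(label, upx_indicators(build_fake_pe(layout)) or "no UPX indicators")
```

The name and magic checks are cheap and exact but trivial to defeat by patching the packed file; the entropy heuristic is what keeps catching a modified UPX, at the cost of occasionally flagging other packers with the same empty-first-section layout, so treat it as a triage signal rather than a verdict. When a hit is confirmed, `upx -d` on an unmodified build, or a memory dump after the stub has unpacked, yields the original image for further analysis.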
MITRE ATT&CK Enterprise v15

Tasks