General
-
Target
yuki.exe
-
Size
8.3MB
-
Sample
241105-xdpkpswjc1
-
MD5
bcfaa6dfe6f0003945ecf8c88c71cbe3
-
SHA1
73d4a0f0956ec9054a3d7c709bccc5de0e0cb4ad
-
SHA256
4d6895b29fa61f90199064bf2417f0a756a72e809194be571755cce8cc43d519
-
SHA512
f4c170ae635dacf13ae20ee518400c422686588c3a8a44febb67da1921a6212ce6688e223ef686a4c07b0b758333a2c691ee9ed0733a9fd88e887dd9a5003311
-
SSDEEP
196608:ykWhOdurErvI9pWjg/Qc+4o673pNrabebSEdyzWtPMYnNcsh:YuurEUWjZZ4dDLIeW7zWtPTNzh
Behavioral task
behavioral1
Sample
yuki.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
$ ��Hm�.pyc
Resource
win10ltsc2021-20241023-en
Malware Config
Targets
-
Target
yuki.exe
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
Target
$ ��Hm�.pyc
-
Size
1KB
-
MD5
dff12523091452431f216b6bcc68aae3
-
SHA1
b883bae5af16f67b5e415a13b53e7744237f13aa
-
SHA256
4dc2ea1b14b03647e5bdc22ca0a33d4f2900f6954c046e61d499bec3e76117b0
-
SHA512
bab4d39ce9b99c16a1c4051a695d42a65979733bf1d17e134edaccc853dbeed0440d1a86e77ee83bbeee0394f7f27db2f38e83526575f5887d6bfaf6614e94b6
-
Score
1/10