General

  • Target

    loader.exe

  • Size

    7.4MB

  • Sample

    241106-wgqfqsvcme

  • MD5

    e26f980e01937c11753a44cba974b75d

  • SHA1

    31b41b9a017dd34b971c32565c612aa10b3e98c3

  • SHA256

    f967660afa6c074af705058bd0e681c5a431e705b83149c6e54f5b04797ded19

  • SHA512

    df8db54b06d8abaa5c25cf0dfd94fafe5662f55edebb7c60755bbeeafc73a3ef72b694a646635dd592e9af355f3533d2818528bc673a2f43e6a04a38239c9b69

  • SSDEEP

    196608:cWxteurErvI9pWjgaAnajMsK23fQC//OoLxh:zteurEUWjJjYoo4jLxh

Malware Config

Targets

    • Target

      loader.exe

    • Size

      7.4MB

    • MD5

      e26f980e01937c11753a44cba974b75d

    • SHA1

      31b41b9a017dd34b971c32565c612aa10b3e98c3

    • SHA256

      f967660afa6c074af705058bd0e681c5a431e705b83149c6e54f5b04797ded19

    • SHA512

      df8db54b06d8abaa5c25cf0dfd94fafe5662f55edebb7c60755bbeeafc73a3ef72b694a646635dd592e9af355f3533d2818528bc673a2f43e6a04a38239c9b69

    • SSDEEP

      196608:cWxteurErvI9pWjgaAnajMsK23fQC//OoLxh:zteurEUWjJjYoo4jLxh

    • Command and Scripting Interpreter: PowerShell

      Runs a powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP-lookup web service to discover the infected system's external IP address.

    • Enumerates processes with tasklist

    • UPX-packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Target

      loader-o.pyc

    • Size

      1KB

    • MD5

      f7a0ef8605877d2c5c445cd1cd7ca182

    • SHA1

      53011f1c3a9cdf7fc110d69cd2450a2a6fb601da

    • SHA256

      860c0a45a4ee72fa9fd326629f16b7b45f773932e6be0e2b51ef278e28189cd6

    • SHA512

      90f2e0a51ac2f12288265565908dd9d54b56e4f792a4526054ed0e481e5a78c195ddda8564d24b3023220ca52869273337e7443f07f76b41db6c04272dee7974
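    The two static checks above (hashes and the UPX signature) are easy to reproduce locally before trusting a sandbox verdict. The script below is an added example, not part of the report or of the sandbox's own detection logic: it recomputes MD5/SHA1/SHA256 and compares them with the loader.exe hashes listed in this report, and it walks the PE header to look for the two cheapest UPX indicators, section names starting with "UPX" and the "UPX!" marker string. The minimal PE image it builds for offline testing is constructed here and is not the real sample; the file path argument is assumed.

```python
import hashlib
import struct

# Hashes listed in the report above for loader.exe, used as the "expected" set.
REPORTED_LOADER_HASHES = {
    "md5": "e26f980e01937c11753a44cba974b75d",
    "sha1": "31b41b9a017dd34b971c32565c612aa10b3e98c3",
    "sha256": "f967660afa6c074af705058bd0e681c5a431e705b83149c6e54f5b04797ded19",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, hex-encoded (the algorithms the report lists)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, reported: dict) -> bool:
    """True only if every reported hash matches; one mismatch means a different file."""
    actual = file_hashes(data)
    return all(actual.get(algo) == digest.lower() for algo, digest in reported.items())


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table, return section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (_, num_sections, _, _, _, size_opt, _) = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + size_opt
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes; the name is the first 8
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", errors="replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Two cheap static signals. A modified UPX build may rename sections or strip the
    marker, so treat either hit as a lead to confirm by unpacking, not as proof."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_marker": b"UPX!" in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_marker"]


def build_fake_pe(section_names: list) -> bytes:
    """Constructed minimal PE image (headers plus an empty section table, no code) for testing."""
    size_opt = 0xE0
    e_lfanew = 0x40
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    sections = b"".join(
        name.ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names)
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(size_opt) + sections


if __name__ == "__main__":
    import sys
    # Assumed usage: python check_loader.py <path-to-sample>; without a path, use the fake image.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    print(file_hashes(data), "matches report:", matches_report(data, REPORTED_LOADER_HASHES))
    print("sections:", pe_section_names(data), "UPX indicators:", upx_indicators(data))
```

A hash match only tells you that you hold the same bytes the sandbox analysed; the UPX check is the reason a static signature on a packed sample says little, since the unpacked payload is what should be hashed and scanned next.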

    Score
    3/10
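    The four behavioural signatures listed for loader.exe (PowerShell execution, loading a dropped DLL, an external IP lookup, and process enumeration with tasklist) are all things an endpoint telemetry pipeline can flag from a process tree. The script below is an added example, not the sandbox's own rules, and it scores a process tree from Sysmon-like events. The events, pids and paths are constructed for the example; the list of IP-lookup domains is an assumption, since the report does not name the service the sample contacted; and the resulting score is a plain count of matched flags, not the 3/10 scale used by this report.

```python
import ntpath
from collections import defaultdict

# Assumed set of public IP-lookup services; the report does not say which one was used.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me", "ip-api.com"}

# Constructed events in a Sysmon-like shape (process create, file create, image load, DNS query).
# None of these come from the report; pids, paths and the command lines are illustrative.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 1001, "ppid": 500,
     "image": r"C:\Users\victim\Downloads\loader.exe", "cmdline": "loader.exe"},
    {"type": "file_create", "pid": 1001,
     "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"type": "image_load", "pid": 1001,
     "image_loaded": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"type": "process", "pid": 1002, "ppid": 1001,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -Command ..."},
    {"type": "process", "pid": 1003, "ppid": 1002,
     "image": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist /v"},
    {"type": "dns", "pid": 1001, "query": "api.ipify.org"},
    {"type": "process", "pid": 2001, "ppid": 500,          # unrelated noise, must not score
     "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
]


def _name(path: str) -> str:
    return ntpath.basename(path).lower()


def process_tree(events: list, root_pid: int) -> set:
    """Pids of root_pid and every descendant, derived from process-create events."""
    children = defaultdict(set)
    for e in events:
        if e["type"] == "process":
            children[e["ppid"]].add(e["pid"])
    tree, stack = {root_pid}, [root_pid]
    while stack:
        for child in children[stack.pop()]:
            if child not in tree:
                tree.add(child)
                stack.append(child)
    return tree


def score_process_tree(events: list, root_pid: int) -> dict:
    """Evaluate the report's four behavioural signatures over one process tree.
    Events are assumed to be in time order, so a file_create precedes the image_load it explains."""
    tree = process_tree(events, root_pid)
    dropped = set()  # paths written by this tree; a later image load of one is "loads dropped DLL"
    flags = {
        "spawns_powershell": False,
        "enumerates_with_tasklist": False,
        "loads_dropped_dll": False,
        "external_ip_lookup": False,
    }
    for e in events:
        if e["pid"] not in tree:
            continue
        kind = e["type"]
        if kind == "process" and e["pid"] != root_pid:
            child = _name(e["image"])
            if child == "powershell.exe":
                flags["spawns_powershell"] = True
            elif child == "tasklist.exe":
                flags["enumerates_with_tasklist"] = True
        elif kind == "file_create":
            dropped.add(e["path"].lower())
        elif kind == "image_load" and e["image_loaded"].lower() in dropped:
            flags["loads_dropped_dll"] = True
        elif kind == "dns" and e["query"].lower() in IP_LOOKUP_DOMAINS:
            flags["external_ip_lookup"] = True
    flags["score"] = sum(1 for v in flags.values() if v is True)
    return flags


if __name__ == "__main__":
    print(score_process_tree(SAMPLE_EVENTS, 1001))
```

Walking descendants rather than only direct children matters here: in the constructed data tasklist.exe is launched by the PowerShell child, not by loader.exe itself, which is the common shape when a loader delegates enumeration to a script. The dropped-DLL rule deliberately requires a file write followed by an image load of the same path from the same tree, which is what distinguishes a dropped library from any DLL loaded out of a temp directory.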

MITRE ATT&CK Enterprise v15

Tasks