Resubmissions

08-11-2024 18:09

241108-wrgxcaxbpr 10

General

  • Target

    painelOTM240fps.exe

  • Size

    7.6MB

  • Sample

    241108-wrgxcaxbpr

  • MD5

    0c41726ea8d16993f8773d9ad7d5733e

  • SHA1

    d465c8c34c75f77ba30d61f5749272a6189dc4a1

  • SHA256

    f3bfad38cec660a922a40e932a8992e2671f1c482236d09a2b6b8417d89de078

  • SHA512

    c37c362568b33bbaa254e638f07b4fb51fa09bcf9125e6f8809affd8629f7962d800a039fa2cc7c49e7dfb9499921251614f2249bdcda8db4a482cbb9c4e3359

  • SSDEEP

    196608:KIHYIwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jo:CIHziK1piXLGVE4Ue0VJk

Malware Config

Targets

    • Target

      painelOTM240fps.exe

    • Size

      7.6MB

    • MD5

      0c41726ea8d16993f8773d9ad7d5733e

    • SHA1

      d465c8c34c75f77ba30d61f5749272a6189dc4a1

    • SHA256

      f3bfad38cec660a922a40e932a8992e2671f1c482236d09a2b6b8417d89de078

    • SHA512

      c37c362568b33bbaa254e638f07b4fb51fa09bcf9125e6f8809affd8629f7962d800a039fa2cc7c49e7dfb9499921251614f2249bdcda8db4a482cbb9c4e3359

    • SSDEEP

      196608:KIHYIwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jo:CIHziK1piXLGVE4Ue0VJk

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks