General

  • Target

    System_Updater.exe

  • Size

    8.2MB

  • Sample

    241109-qjjs3sverq

  • MD5

    c40a7d89207d485bb26ae47c8188ab69

  • SHA1

    37a6b1670d7b045c9d9504802e6f19ccb45ac74d

  • SHA256

    f91ef555de00d1c3c0d8dd9111610f69d28d54987c3831a383431f7414321847

  • SHA512

    58d81ce4975cd675039017e97a2407debdc7864eb9ac6b70e07b7b745a0aefb54045a8633db451e72372f54c3473521b090c50b938e74cdfccb801cc95d0943b

  • SSDEEP

    196608:ZxY2OshoKMuIkhVastRL5Di3tnSEMe9SPJ/:7Y2OshouIkPftRL540go/

Malware Config

Targets

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX (or a modified UPX) open-source packer.

MITRE ATT&CK Enterprise v15

Tasks