General

  • Target

    Redact-Setup-0.17.0.exe

  • Size

    8.3MB

  • Sample

    241109-qzq74ayjhl

  • MD5

    1a2e40dd35088fc1f6d3e20b7752f6f3

  • SHA1

    55f00dbcd36e602ee868bfd743489b62d932558f

  • SHA256

    02577be2bd36691539020952018b01750a5a3a7741cacc641c7f6dbe67e07ede

  • SHA512

    d9421c234f21bdaebb7f2a2b3c02e93b5c307beaec380600b47c3458e2030f171c1c787a0697711eb06f5f0a67bab4f193a9c1786303a35f4a88cb31e116ee65

  • SSDEEP

    196608:nWuYowfI9jUCzi4H1qSiXLGVi7DMgpZASEyQ0VMwICEc/jB:GIHziK1piXLGVE4UrS0VJ9

Malware Config

Targets

    • Target

      Redact-Setup-0.17.0.exe

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks