General

  • Target

    hilolxdbyelol.exe

  • Size

    16.6MB

  • Sample

    241110-mmdvfsyjen

  • MD5

    276f1434179e8a4ca328ac83b1c0ac90

  • SHA1

    cd71b687b28b33e03e8a33e6e4195f678fb92bac

  • SHA256

    7f75acfee97ad747da00d55e837a14d9fa9104f6f14a1a73f6537f61f48a172a

  • SHA512

    785d8f321add743b6e44af72a15fdc434f7502249f4d155cfd0f73be7fe588ea1cfa272b94ca020d0b090638e54a5e7278c92f5b66bf7689e1ae73c3ae60d26f

  • SSDEEP

    393216:x1F8ZXjBkteDLP+TebZqRDqOKeqbu5tCv6rsKy/pWu4kRlUy2tyZ:xXkXSeDT+mqBqOKeyu5tCWty/pWkZ

Malware Config

Targets

    • Target

      hilolxdbyelol.exe

    • Size

      16.6MB

    • MD5

      276f1434179e8a4ca328ac83b1c0ac90

    • SHA1

      cd71b687b28b33e03e8a33e6e4195f678fb92bac

    • SHA256

      7f75acfee97ad747da00d55e837a14d9fa9104f6f14a1a73f6537f61f48a172a

    • SHA512

      785d8f321add743b6e44af72a15fdc434f7502249f4d155cfd0f73be7fe588ea1cfa272b94ca020d0b090638e54a5e7278c92f5b66bf7689e1ae73c3ae60d26f

    • SSDEEP

      393216:x1F8ZXjBkteDLP+TebZqRDqOKeqbu5tCv6rsKy/pWu4kRlUy2tyZ:xXkXSeDT+mqBqOKeyu5tCWty/pWkZ

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks