General

  • Target

    12e9f3ce18351ee539646c23cc862c5c.bin

  • Size

    7.4MB

  • Sample

    241112-bc3v2szndt

  • MD5

    1dd8c9239fb924d2e84f5960689f0a29

  • SHA1

    bec2635b7e3dfa4f8f66695f0288d5f02f1fa1b5

  • SHA256

    3b5cc001b67519966496e5dfed263df0518999669009327ac7da05dd52da3481

  • SHA512

    8e25e43fbe6e19c36afadfbe31ee3493b3dbe5dd7881671b090708be45b961f9ad65d4b7281c585ae52a372d78831779509e7d74a5e329c599d83113d33b0c51

  • SSDEEP

    196608:WWYlQwFQUMlvNZ8YXUhm0WLS8QSV2A4FJKr9aD+oG4QnUK2VrS8uJ:WxlLudl38YXUWOLkdWJKrwM4QnUbBSJJ

Malware Config

Targets

    • Target

      72fdb72dcc71697b027824211e2879f4bf8c8974e56a857f2fca30ad7b675d6f.exe

    • Size

      7.5MB

    • MD5

      12e9f3ce18351ee539646c23cc862c5c

    • SHA1

      0b2487fe4e3ffaf79fdf1c0c0b01f6ce68346daf

    • SHA256

      72fdb72dcc71697b027824211e2879f4bf8c8974e56a857f2fca30ad7b675d6f

    • SHA512

      585882cbb5e8097d47b3985326a4ae9c17d2e015801652d88a5c5230feab1add48f60bd73fa9ff34b505de742b437e53ed03b53d5011c1834c134610ff96ac59

    • SSDEEP

      196608:yOgFHwfI9jUC2gYBYv3vbW5+iITm1U6fi:4FMIH2gYBgDW4TOz6

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of it.
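The behaviour signatures above are the sandbox's own rules; the Python below is an added example (not code from the report or from the sandbox vendor) showing how a practitioner could reimplement three of them over process-creation records and check a PE header for UPX section names. The event records, the list of IP-lookup hosts and the minimal PE builder are constructed for the example; the report does not say which lookup service was contacted or which cmdlet set the exclusions, so the Add-MpPreference/Set-MpPreference pattern is an assumption about how such exclusions are typically added.

```python
"""Re-implementation of four sandbox signatures over constructed input (added example)."""
import re
import struct

# Constructed process-creation records, not taken from the report.
SAMPLE_EVENTS = [
    {"pid": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -NoP -W Hidden -Command "Add-MpPreference '
                '-ExclusionPath C:\\Users\\Public -ExclusionExtension .exe"'},
    {"pid": 2, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -Command "Set-MpPreference -ExclusionProcess svchost.exe"'},
    {"pid": 3, "image": r"C:\Windows\System32\tasklist.exe", "cmdline": "tasklist /FO CSV"},
    {"pid": 4, "image": r"C:\Windows\System32\curl.exe", "cmdline": "curl.exe https://api.ipify.org"},
    {"pid": 5, "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe readme.txt"},
]

# Assumed cmdlet/parameter names for Defender exclusions (Add-MpPreference / Set-MpPreference).
DEFENDER_EXCLUSION = re.compile(
    r"(Add|Set)-MpPreference\b.*?-Exclusion(Path|Extension|Process)\b",
    re.IGNORECASE | re.DOTALL)

# Assumed list of common external-IP lookup services; the report names none.
IP_LOOKUP_HOSTS = ("api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.amazonaws.com", "ifconfig.me")


def classify(event):
    """Return the signature tags that a single process-creation record triggers."""
    tags = []
    image = event["image"].lower()
    cmd = event["cmdline"]
    if image.endswith(("powershell.exe", "pwsh.exe")) and DEFENDER_EXCLUSION.search(cmd):
        tags.append("defender_exclusion")
    if image.endswith("tasklist.exe"):
        tags.append("process_enumeration")
    if any(host in cmd.lower() for host in IP_LOOKUP_HOSTS):
        tags.append("external_ip_lookup")
    return tags


def detect(events):
    """Map pid -> tags for every record that triggers at least one signature."""
    hits = {}
    for event in events:
        tags = classify(event)
        if tags:
            hits[event["pid"]] = tags
    return hits


def pe_section_names(data):
    """Read section names from a PE image using only the DOS, COFF and section headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # start of the COFF file header
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + 20 + size_opt              # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[first + i * 40: first + i * 40 + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1; flag any section name starting with 'UPX'."""
    return any(name.upper().startswith("UPX") for name in pe_section_names(data))


def build_fake_pe(section_names):
    """Construct a header-only PE so the parser can run offline (constructed test data)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=0, flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    for pid, tags in detect(SAMPLE_EVENTS).items():
        print(pid, tags)
    print("UPX:", looks_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
```

Two gaps a practitioner should keep in mind: the exclusion rule only sees clear-text command lines, so a sample that passes the cmdlet through -EncodedCommand or builds it from fragments needs the PowerShell script-block log rather than the process record, and the UPX check matches stock section names only, which is exactly what a modified UPX build tends to rename, so a section-entropy check is the usual companion to it.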

MITRE ATT&CK Enterprise v15

Tasks