General
-
Target
a0b986793e6a44ef8767a00c801073742fbaa8b183c50bbe2c0e57ca365fb163N.exe
-
Size
7.8MB
-
Sample
241112-ye9gyazdjf
-
MD5
d397f268ab38cf99b942a1529663c6f0
-
SHA1
0be68b419deb1745d4fe1abfb412b16dc7125316
-
SHA256
a0b986793e6a44ef8767a00c801073742fbaa8b183c50bbe2c0e57ca365fb163
-
SHA512
e0cb8a6d33f95cd841bbc7b01990cfa57bf3f454093dc50ea7d6e2a7cc13d016b31749a73f41f0920fd234beb150e5a9394902e7f46f7fe68f1f2c20385b4d93
-
SSDEEP
196608:0bgFShewfI9jUC2gYBYv3vbW5+iITm1U6f4:RFShVIH2gYBgDW4TOzQ
Malware Config
Targets
-
-
Target
a0b986793e6a44ef8767a00c801073742fbaa8b183c50bbe2c0e57ca365fb163N.exe
-
Size
7.8MB
-
MD5
d397f268ab38cf99b942a1529663c6f0
-
SHA1
0be68b419deb1745d4fe1abfb412b16dc7125316
-
SHA256
a0b986793e6a44ef8767a00c801073742fbaa8b183c50bbe2c0e57ca365fb163
-
SHA512
e0cb8a6d33f95cd841bbc7b01990cfa57bf3f454093dc50ea7d6e2a7cc13d016b31749a73f41f0920fd234beb150e5a9394902e7f46f7fe68f1f2c20385b4d93
-
SSDEEP
196608:0bgFShewfI9jUC2gYBYv3vbW5+iITm1U6f4:RFShVIH2gYBgDW4TOzQ
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-