Overview

overview

10

Static

static

10

 ‍   .scr

windows7-x64

7

 ‍   .scr

windows10-2004-x64

8

��z̷#Z.pyc

windows7-x64

��z̷#Z.pyc

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

     ‍   .scr

  • Size

    6.0MB

  • Sample

    241115-2dlw2axmbj

  • MD5

    1f2987417cb377be278f0458e06170bc

  • SHA1

    0d9b8a667a3b033a30e8cb44cf50872516eade14

  • SHA256

    6d7a25046cfdc39532e18406b53240ba680404470e941fd448e4372d76b0f01b

  • SHA512

    20301a48f40b4b4108eaf5615c8c9df7c9bf69b2b493702413bfab5149ee7e80a0da45c45af41cf09bef07dee23f00f93edbd0eadf405ba97eb612b7f3e43a91

  • SSDEEP

    98304:u7Iu4+DcBF2MSamaHl3Ne4i3gDUZnhhM7M+yvFaW9cIzaF6ARwDtyDe2HbM8/3Uj:uEp+D+reNoInY7/sHfbRy9Q8+Tn

Score
10/10
blankgrabberdefense_evasiondiscoveryexecutionspywarestealerupx

Malware Config

Targets

    • Target

       ‍   .scr

    • Size

      6.0MB

    • MD5

      1f2987417cb377be278f0458e06170bc

    • SHA1

      0d9b8a667a3b033a30e8cb44cf50872516eade14

    • SHA256

      6d7a25046cfdc39532e18406b53240ba680404470e941fd448e4372d76b0f01b

    • SHA512

      20301a48f40b4b4108eaf5615c8c9df7c9bf69b2b493702413bfab5149ee7e80a0da45c45af41cf09bef07dee23f00f93edbd0eadf405ba97eb612b7f3e43a91

    • SSDEEP

      98304:u7Iu4+DcBF2MSamaHl3Ne4i3gDUZnhhM7M+yvFaW9cIzaF6ARwDtyDe2HbM8/3Uj:uEp+D+reNoInY7/sHfbRy9Q8+Tn

    Score
    8/10
    upxdefense_evasiondiscoveryexecutionspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      ��z̷#Z.pyc

    • Size

      857B

    • MD5

      8123f974554946529ee2500fab200760

    • SHA1

      a83dd1a093e74f879a4d7af32df9b021366271d0

    • SHA256

      1f78a4eac4ba240e64a31605df1653df90ddcfe30626b3cfbe43029735485428

    • SHA512

      53663402983bd14c0d091e64d82cac1f829951363ff8b90818595c42168274da2ccb0cd47a7c28b660ac15f8f150bdb2a0014802d8307366e6cc727bf62fd422

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks