General

  • Target

    ranallstar.exe

  • Size

    1.1MB

  • Sample

    241115-s6mjlaxaml

  • MD5

    3f2b1480999175cb2d415900478cfa1c

  • SHA1

    7c7c3faa01dfb1a65947b8b32826c26079cb19dd

  • SHA256

    e77a8f3732b72aec848c858ebb19906c820b2a285ed55988a7e39e5bbb50db49

  • SHA512

    6e71b6a31dab80c7a1e6bbfe75ea93b974e11283e8697df3a07d51d7cd5328088357a3ccad85ddb9cf789247a784c6c32c2e874501cfe2a7a7e90aa6094ebd80

  • SSDEEP

    24576:AfTkD0E003ubc2MRgCmP/ZwIDzq+Iha5a0H/ChFIX:IG00SSgCmP/ZwYj48a0fC8

Score
8/10

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Legitimate hosting services abused for malware hosting/C2
