General
-
Target
RoShade.Installer.exe
-
Size
5.8MB
-
Sample
241117-shseyasenb
-
MD5
a009d18ad6b1ad27d3bfe34af2523c89
-
SHA1
efe133b7259a700a1c838af989468ab65df1ca7b
-
SHA256
be59ff484a7fa035caee41f9c6c70572250960f09768818b7cf9256013e2a007
-
SHA512
9b33219a9b98eaa55a347cdd3a231e36c63d83653e2cda39cea36c3e4ffa1e4b45e317f4b15ceeb3c5a8933a996ace45fe3dc0524e1ab383a59df65126de5c38
-
SSDEEP
98304:LimDSuXXOa7RHtJQi9UWvGfqD8WOxfmjaa15uXaDvdCK/blzFS03iw7FwXR6n3eX:LimDZtRHvUWvozWOxu9kXwvdbDlA03N4
Malware Config
Targets
-
-
Target
RoShade.Installer.exe
-
Size
5.8MB
-
MD5
a009d18ad6b1ad27d3bfe34af2523c89
-
SHA1
efe133b7259a700a1c838af989468ab65df1ca7b
-
SHA256
be59ff484a7fa035caee41f9c6c70572250960f09768818b7cf9256013e2a007
-
SHA512
9b33219a9b98eaa55a347cdd3a231e36c63d83653e2cda39cea36c3e4ffa1e4b45e317f4b15ceeb3c5a8933a996ace45fe3dc0524e1ab383a59df65126de5c38
-
SSDEEP
98304:LimDSuXXOa7RHtJQi9UWvGfqD8WOxfmjaa15uXaDvdCK/blzFS03iw7FwXR6n3eX:LimDZtRHvUWvozWOxu9kXwvdbDlA03N4
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-