General

  • Target: application.zip

  • Size: 29.7MB

  • Sample: 241119-w1bfxsvkal

  • MD5: b43178403113cd78f4849471aa179edb

  • SHA1: 843bc7b1fff4ba6e8b81d95276765a88b24131b7

  • SHA256: 64b12f1d65a1a709abf4588142f73a9fa4d457d0da3714683e2a2be0b3321992

  • SHA512: 4a51f18e52677682addf36318797ef615e29879b73a2271ddf296749d7019beeec7cc339a98ad64182a7ea4613376f74ef02315f4e39471281bf6004cd0b7a32

  • SSDEEP: 786432:OFmAsk7nqoqoz6cHvzz+vn+aqa2Tb33yOLV1NA4pdti/oZ:ysgqXo+izNbn5LDFpfB

Score
10/10

Malware Config

Targets

    • Target: Loader_dll/loaderV12.exe

    • Size: 62.3MB

    • MD5: 8e533e9d973e49f1251a5a5343650130

    • SHA1: 2c94ccaf726d034c426425e6b74755b941880566

    • SHA256: 6465765c30c964f99f3afadb81383993893cfcbb47d4740b368a11e5dc614f1e

    • SHA512: a03ce278551642f8e615dbf617d6480794909f5648e108644f1db9c5a694a334c6b14ed3bc1b82da65e67e78d2d03f3871335d19116ad4624fdc1e0ca32a0d38

    • SSDEEP: 393216:W5HH6Cms5ku95LoagbWWToiadeqW5ZKwq/2Q3HAswsOjNnFRujVebELXD6uP9wjT:WhH6CmsXV1WpaAPZc2ugV2ebVuP+/

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks