c089ff775a43c52eb5ffa830c82f66f4b24301b5472c0b8a7b63988e13481d33 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

qZBMopqFzc.exe

windows10-ltsc 2021-x64

Resubmissions

20/11/2024, 02:41

241120-c6pe7atmbm 8

Sharing

General

Target

qZBMopqFzc.exe
Size

10.9MB
Sample

241120-c6pe7atmbm
MD5

4e150098282968ae53f70cb438b7ac54
SHA1

5b75c311c5cb4f34f91795c58d1f8ba3bc8d12a6
SHA256

c089ff775a43c52eb5ffa830c82f66f4b24301b5472c0b8a7b63988e13481d33
SHA512

fc25f6667db912120237b8a0767ea5a12a34963c0615a0c633e1741a38e2f91f9de721699ddf5db1ee2368caf67b297ec25e34aa81ad0dee9bfc943626fa9ce3
SSDEEP

98304:67wDkgcrK0K+LZi5a7eOGGFPv5JInm66wuL:wwDRG9hZi5a7uGF35e76BL

Score

8^/10

defense_evasion discovery evasion execution phishing pyinstaller

Static task

static1

Behavioral task

behavioral1

Sample

qZBMopqFzc.exe

Resource

win10ltsc2021-20241023-en

defense_evasion discovery evasion execution phishing pyinstaller

windows10-ltsc 2021-x64

20 signatures

1800 seconds

Malware Config

Targets

- Target
  
  qZBMopqFzc.exe
- Size
  
  10.9MB
- MD5
  
  4e150098282968ae53f70cb438b7ac54
- SHA1
  
  5b75c311c5cb4f34f91795c58d1f8ba3bc8d12a6
- SHA256
  
  c089ff775a43c52eb5ffa830c82f66f4b24301b5472c0b8a7b63988e13481d33
- SHA512
  
  fc25f6667db912120237b8a0767ea5a12a34963c0615a0c633e1741a38e2f91f9de721699ddf5db1ee2368caf67b297ec25e34aa81ad0dee9bfc943626fa9ce3
- SSDEEP
  
  98304:67wDkgcrK0K+LZi5a7eOGGFPv5JInm66wuL:wwDRG9hZi5a7uGF35e76BL
Score

8^/10

defense_evasion discovery evasion execution phishing pyinstaller
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionexecutionphishingpyinstaller

© 2018-2025

Terms | Privacy