General

  • Target

    mainscript.exe

  • Size

    19.1MB

  • Sample

    241121-gqg4dsyepe

  • MD5

    ab8c8cf27b675ed2553cd45c135babc7

  • SHA1

    256c5017d992b395d04b7709b6197a34541e36c2

  • SHA256

    08ca37066bbfd7c9d5c42a5be1e667983857723dfccc87f1a74e1f1b8ee7ba71

  • SHA512

    fa94f68ca3807424642f19ee7f6023d760be2ad90d6202449cde29cde9276abc0b71cc83ac53168e5c2b732cc05b2aaa7f8394e12793554f5a519213ee529759

  • SSDEEP

    393216:wvi6yQ9I6IkxSVpW828GG1+TtIiFqY9Z8D8CcluhBOvMyCcEm8t01DIHz:94Mk2W828j1QtI7a8DZc81BFmNDIT

Malware Config

Targets

    • Target

      mainscript.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks