General

  • Target

    Desktop.7z

  • Size

    2.8MB

  • Sample

    241121-tp9hgatldz

  • MD5

    652c2a95a65f76777351240e7bcb867d

  • SHA1

    78c0bacfdefa6e64d31f58679f18c928c5a1dd42

  • SHA256

    10b6c6bd541da6499afb8f64de0c876cb144e3f6a03c744b01fe8009de572bf7

  • SHA512

    43f79008d85d2f79149450c52b75817e809a3e7d99f6d475a4cc2d8bdcc59c1d219874e361fc6023368d5e71415042eae343a17e1ca1a1b125f9209a11084430

  • SSDEEP

    49152:fbsoQgRSyVqpjcKgaPj3IrvOzaWsQwAuNkqw9TvLHz5KP/6wK5a2U576AZqVbA1u:jBNrVmpgws7TNkqw9TfIPy/k75e8XNdQ

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs

    exe.dropper

    https://fadeaway.supply/krekan.zip

Targets

    • Target

      beks.exe

    • Size

      4.8MB

    • MD5

      02a3ff6cf40a59890512e2199c3a3256

    • SHA1

      ab40be16054aeb4329b365d7ccc3f62d214522dc

    • SHA256

      a539405f9e4c86ce4ade7fdfe39ecc2da493083654f5cd6662bb14b9bbb9ca53

    • SHA512

      f5fc68275c9d9ae0e0c3d9a6f20bc05a9e2c58ffe8f82798d7cd4df1115386a774459460fe375a03b48af17bdc663b5136743c5fa6e6ff85b2758f69fc80b599

    • SSDEEP

      98304:pg3dysrgORuObPjwiNaDk+gS5Oxd6jsyYhngwCPHKpiSy22OT9fGXxdGLicUEiL:2QsrgORuObPjwiNaQ+gS5Oxd6jsyYhnv

    • Score

      3/10

    • Target

      cr.dll

    • Size

      5.7MB

    • MD5

      2a53c7f50b074db464f7dacfcbad3be8

    • SHA1

      37061b97ecf311c6165832293f55928fc31dd0c4

    • SHA256

      ee5c5dd1aee927a6bcb8e390a0d2c5adcda66da5ec9e7d41b22014dd3181e793

    • SHA512

      2384285ebbcc43a409f4cbec20e7e129502804683b1274d1a087e83289523fa9ba6b74243eaa96bd051fb072e16facc5bbbffde818aaa2857cd66463c43199b2

    • SSDEEP

      98304:Mvl890Fp9GavfikQQd0aR+AGEAyhjSOwTZL5JLaKl4b9t8ckijA1BsF6Pe6M1N2N:Mvl890FGifikQQd0aR+AGEAyhjSOwTZV

    • Score

      3/10

    • Target

      psiniziale.ps1

    • Size

      498B

    • MD5

      c26768a5961c38415ae0d4100ed280ed

    • SHA1

      ad96a0593e494ddf98feb3094521f858ae53abb0

    • SHA256

      a2934d3110084fbb9656ba92a0a94f5508b5000e8461f3135e60c1e7c7e94caa

    • SHA512

      754286947111fe52bf512da0c97ec790d6e75979ffead2dc0fbcdcbe23e39d371f8fbaeed592588166542bece9fbaf5eb42909b8e72ddf76f1ce13ca73f6b0e2

    • Score

      8/10

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      zukaz.txt

    • Size

      498B

    • MD5

      c26768a5961c38415ae0d4100ed280ed

    • SHA1

      ad96a0593e494ddf98feb3094521f858ae53abb0

    • SHA256

      a2934d3110084fbb9656ba92a0a94f5508b5000e8461f3135e60c1e7c7e94caa

    • SHA512

      754286947111fe52bf512da0c97ec790d6e75979ffead2dc0fbcdcbe23e39d371f8fbaeed592588166542bece9fbaf5eb42909b8e72ddf76f1ce13ca73f6b0e2

    • Score

      8/10

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL
