General

  • Target: DA-EX.exe
  • Size: 5.9MB
  • Sample: 241214-gss9favrhm
  • MD5: 35e367c32f350da0eb07355405e9055c
  • SHA1: 7ca83be4b4cca9e5c9c284166f6a7461c9b6601c
  • SHA256: d282f2906445857b9795c6e67b3897e0e30bf6302d876f54ad5a3cd874e20202
  • SHA512: b4671906cd67ff232b492f9f6ab5f398d4c6ebb43ebdd181904bb2cee82b4362b33aeb52271cdc1d386be7d79b4de5db64bd82f24dedc9f144e9e04e427f709d
  • SSDEEP: 98304:l5EtdFBGrHwamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RQOuAKHCZG+G:lYFErHReN/FJMIDJf0gsAGK4RbuAKHxv

Targets

    • Target: DA-EX.exe
    • Size: 5.9MB
    • MD5: 35e367c32f350da0eb07355405e9055c
    • SHA1: 7ca83be4b4cca9e5c9c284166f6a7461c9b6601c
    • SHA256: d282f2906445857b9795c6e67b3897e0e30bf6302d876f54ad5a3cd874e20202
    • SHA512: b4671906cd67ff232b492f9f6ab5f398d4c6ebb43ebdd181904bb2cee82b4362b33aeb52271cdc1d386be7d79b4de5db64bd82f24dedc9f144e9e04e427f709d
    • SSDEEP: 98304:l5EtdFBGrHwamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RQOuAKHCZG+G:lYFErHReN/FJMIDJf0gsAGK4RbuAKHxv

    • Command and Scripting Interpreter: PowerShell
      Using powershell.exe command.
    • Clipboard Data
      Adversaries may collect data stored in the clipboard from users copying information within or between applications.
    • Loads dropped DLL
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Obfuscated Files or Information: Command Obfuscation
      Adversaries may obfuscate content during command execution to impede detection.
    • Enumerates processes with tasklist
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: �r�|x��.pyc
    • Size: 857B
    • MD5: c252c86ce54bd55e5033ccc409b9d3c5
    • SHA1: 0850472d5e5e13bdcb80470ae2e1fa86010361d1
    • SHA256: bd6bb46206567c8daac6b2b2a8aba45c7096d6164b9139b6c81b5a3a8fed6621
    • SHA512: 0bdbaf5fb74469b7991a072ec8e0434f65da2a05ac699977a555f3daa15c8d0c80d263d5d06cf3be9c18d45a2d51e974982646d22f7490c3ef5c48fc0d4f5f41

    Score: 1/10

MITRE ATT&CK Enterprise v15
