Overview

overview

10

Static

static

10

vzlom moscow.exe

windows10-ltsc 2021-x64

10

vzlom moscow.exe

windows11-21h2-x64

8

��{��.pyc

windows10-ltsc 2021-x64

��{��.pyc

windows11-21h2-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vzlom moscow.exe

  • Size

    7.5MB

  • Sample

    241224-s4jd6a1lem

  • MD5

    9410e07e7ce3594da61b33610c5aa82d

  • SHA1

    ef8802b2a2fffade19ec0dfb17756e920680d556

  • SHA256

    f18b9f7365a004c14b829c4148d509805acd9fe44cf6613558afbd8d1bf1ab31

  • SHA512

    8d4e34fba47bf9cde627c84b7673d0aeb0733da319995463c68965a600f774a8db067209746792cc45c2d79fab5a7de42c9bf2dc96ff5ebe9ffb3d246d9628ab

  • SSDEEP

    196608:HAgVVE/fwfI9jUC2gYBYv3vbW2+iITx1U6nA:ZVVEMIH2gYBgDWJTnzA

Score
10/10
blankgrabberdefense_evasiondiscoveryevasionexecutionspywarestealerupx

Malware Config

Targets

    • Target

      vzlom moscow.exe

    • Size

      7.5MB

    • MD5

      9410e07e7ce3594da61b33610c5aa82d

    • SHA1

      ef8802b2a2fffade19ec0dfb17756e920680d556

    • SHA256

      f18b9f7365a004c14b829c4148d509805acd9fe44cf6613558afbd8d1bf1ab31

    • SHA512

      8d4e34fba47bf9cde627c84b7673d0aeb0733da319995463c68965a600f774a8db067209746792cc45c2d79fab5a7de42c9bf2dc96ff5ebe9ffb3d246d9628ab

    • SSDEEP

      196608:HAgVVE/fwfI9jUC2gYBYv3vbW2+iITx1U6nA:ZVVEMIH2gYBgDWJTnzA

    Score
    10/10
    defense_evasiondiscoveryevasionexecutionspywarestealerupx

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

      evasion

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      ��{��.pyc

    • Size

      1KB

    • MD5

      e402dec3c67682304ad43ed19cf4afa2

    • SHA1

      41bddc7c81ea799a377d2010eb55ac4bd17d7308

    • SHA256

      97e623557736c064a37cd52a220003bd4fdcd15c74ba06f548f0b65be52dcfb6

    • SHA512

      bde66c8fe50b0682f067491bf0fb518de661ff62098ac0ce053d2689e0512e80cbb5f30b03d2bd239edf68429a2784dc524ca3927999ea661394c3816229d2c1

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks