Overview

overview

10

Static

static

10

NIGGERSLAVE.exe

windows7-x64

7

NIGGERSLAVE.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NIGGERSLAVE.exe

  • Size

    7.1MB

  • Sample

    250118-y5qshssrht

  • MD5

    fc811f5134e5a18bae65f1eb6c4bc7e6

  • SHA1

    e21f484b51ab71e67299a12b82c178e85385cf88

  • SHA256

    2c974529f0ba6cf41aca2de5cafee8cd89d080cb41c6e1a4e41302b4c86c6c07

  • SHA512

    eb51a95103f24c6a982a02e03c66b54a9fed91a5d1e2105494d731600bef30b52eb4e04421357c4955c50ef356bc7375a7624608696c38efb53d2802655a695a

  • SSDEEP

    98304:uuCIfhvpj/q12MMD/x/0feyGgatbQ940BDlgwdnpka9R/k9t+2SzIrzUGt+otMew:uHOpj/WSDfyGgqwBdnpkYRMsc81e8yN6

Score
10/10
blankgrabberdiscoveryexecution

Malware Config

Targets

    • Target

      NIGGERSLAVE.exe

    • Size

      7.1MB

    • MD5

      fc811f5134e5a18bae65f1eb6c4bc7e6

    • SHA1

      e21f484b51ab71e67299a12b82c178e85385cf88

    • SHA256

      2c974529f0ba6cf41aca2de5cafee8cd89d080cb41c6e1a4e41302b4c86c6c07

    • SHA512

      eb51a95103f24c6a982a02e03c66b54a9fed91a5d1e2105494d731600bef30b52eb4e04421357c4955c50ef356bc7375a7624608696c38efb53d2802655a695a

    • SSDEEP

      98304:uuCIfhvpj/q12MMD/x/0feyGgatbQ940BDlgwdnpka9R/k9t+2SzIrzUGt+otMew:uHOpj/WSDfyGgqwBdnpkYRMsc81e8yN6

    Score
    8/10
    discoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks