General

  • Target

    Idk Some Player Tracker V2.exe

  • Size

    59.4MB

  • Sample

    250120-v78vbs1kgm

  • MD5

    15472d9cfd79d81953f1f9aafe27b479

  • SHA1

    de822ee2c26c9392462e54c59a04cf5952aa29cd

  • SHA256

    840ec83b5a0dcf168170cecf1b83c479101ca0714fe0506aa961156e21f3ff59

  • SHA512

    03e037547664220ff8500d4650ae8c614ac39aa6bb7219acdd3a4decd7397f166bb7500cccf8ab02b04f9cdfaf4c305c5d2a09e2529dc594b07fc022f0dc1f58

  • SSDEEP

    1572864://VldWKDmYOkiqOv8im2AUdAzE7VFlhq83PYCnDZT:FP3DmYOknOv8i3XAWLr39B

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file browsers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.
