Overview

overview

10

Static

static

10

LigmaFEBYPASS(1).zip

windows7-x64

1

LigmaFEBYPASS(1).zip

windows10-2004-x64

1

LigmaFEBYPASS.exe

windows7-x64

7

LigmaFEBYPASS.exe

windows10-2004-x64

8

�ê-��.pyc

windows7-x64

�ê-��.pyc

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LigmaFEBYPASS(1).rar

  • Size

    6.6MB

  • Sample

    250201-14xwjsspbs

  • MD5

    32b26371d5b0b869c3cfcc5f96466c58

  • SHA1

    86ae81e21c1317538892610b1411c314675a1eef

  • SHA256

    03f914dae6fc3707705ca9e51ffdfb5b62aa10dd687aa164eca59af4f5d4e7fb

  • SHA512

    c4e2cc7f41900e85441587081bf5ee0dcb5559534341670ca768d158303f5c4e69de0dd3aef1c55c17131f96079b69673b6783e843e375b0974e17d26bc77f66

  • SSDEEP

    196608:Ljoww5ajddN6S5Xc8OwyYyvYdaJhM4zkbIO:vZddAmc8OwjUM4g8O

Score
10/10
blankgrabberdefense_evasiondiscoveryexecutionupx

Malware Config

Targets

    • Target

      LigmaFEBYPASS(1).rar

    • Size

      6.6MB

    • MD5

      32b26371d5b0b869c3cfcc5f96466c58

    • SHA1

      86ae81e21c1317538892610b1411c314675a1eef

    • SHA256

      03f914dae6fc3707705ca9e51ffdfb5b62aa10dd687aa164eca59af4f5d4e7fb

    • SHA512

      c4e2cc7f41900e85441587081bf5ee0dcb5559534341670ca768d158303f5c4e69de0dd3aef1c55c17131f96079b69673b6783e843e375b0974e17d26bc77f66

    • SSDEEP

      196608:Ljoww5ajddN6S5Xc8OwyYyvYdaJhM4zkbIO:vZddAmc8OwjUM4g8O

    Score
    1/10
    behavioral1behavioral2

    • Target

      LigmaFEBYPASS.txt

    • Size

      6.7MB

    • MD5

      94a15cac05cf17973af24fdff7085f1a

    • SHA1

      8a5ed7c1ffb26e60099af67e812b4f4bf92715f5

    • SHA256

      fa8a0e24d531b7f4dcdeb5e9c32c5aae5e3bc2db4ddb19da38eb3bfb21c01a7e

    • SHA512

      e267e462a1767d09e02dd066c9b5a13d23090e0ffdba027466ff47d1a855e0cc7de7472a81c7dca32021c79c66ff9807f850475b465480729b3b946a29f572e1

    • SSDEEP

      196608:2qFMeN/FJMIDJf0gsAGK5SEQR8kxhLYae:P/Fqyf0gsfN8kzM9

    Score
    8/10
    upxdefense_evasiondiscoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Loads dropped DLL

    • Enumerates processes with tasklist

      discovery

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral3behavioral4

    • Target

      �ê-��.pyc

    • Size

      857B

    • MD5

      ebe0661655ed5e1b5bf2999413f12f6a

    • SHA1

      46e72196fbc99684b5d1de0b5a60b92d27b8c5a1

    • SHA256

      77e790d06c51ed2a3395d67511e34b73ad0b4e99e1b635392d09ba64ab75021e

    • SHA512

      0c31ffb3c79b29ccbfba6570d84b42526f91d21a2c20ab5c158e0d38225877c01297204c2aa858f3b207f3b0570062d164b1dbedcf3ef9949e93ea38f14265c8

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks