General

  • Target

    Mercurial.exe

  • Size

    9.8MB

  • Sample

    250207-tabmwsylar

  • MD5

    3bf880794834e8bcbbbf9060734acfd8

  • SHA1

    52339a5a36704004d492f5216e79a0568c90199d

  • SHA256

    0f9a723b42319e0b131ea7c1dda2907e7766937cc296840621be757d1be83532

  • SHA512

    9f782e3b383243ee26fd9eac9981f84a96f9820705b691c13f74e4a0c18cd06744618486988489113ae2da25df65dae590035dbcc2f85b43797432c9b6ff4cb5

  • SSDEEP

    196608:fsOOjmFQR4MVGFtwKPmF9mhAqaeGq8PHiFRV104:kKtM5KPm7mCeb8PHma4
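The digests above are the identifiers a practitioner uses to confirm that a file in hand is the artifact this report describes. The following Python script is an added example, not part of the sandbox report or the sample: it carries the report's MD5/SHA-1/SHA-256/SHA-512 values for both listed targets, checks that they are well-formed, hashes a file in a single pass, and decides identity on SHA-256 only (an MD5 or SHA-1 agreement with a differing SHA-256 is treated as a different file, since collisions for those two are practical). The SSDEEP value is left out because computing it needs a third-party library; the garbled name of the second target is replaced by a descriptive key, which is an assumption of this example.

```python
import hashlib
from typing import Dict, List, Optional

# Expected hex length of each digest; also the set of algorithms computed.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Digests copied from the report. The second target's file name is garbled on
# the page, so it is keyed here by its role only (assumed label, not the real name).
REPORT_TARGETS: Dict[str, Dict[str, str]] = {
    "Mercurial.exe": {
        "md5": "3bf880794834e8bcbbbf9060734acfd8",
        "sha1": "52339a5a36704004d492f5216e79a0568c90199d",
        "sha256": "0f9a723b42319e0b131ea7c1dda2907e7766937cc296840621be757d1be83532",
        "sha512": "9f782e3b383243ee26fd9eac9981f84a96f9820705b691c13f74e4a0c18cd06744618486988489113ae2da25df65dae590035dbcc2f85b43797432c9b6ff4cb5",
    },
    "dropped .pyc": {
        "md5": "d3ad280670883b89eaaa9340fe31bc28",
        "sha1": "f0c67fc3f6521a70a3719919e2421c1ddd5fc3ed",
        "sha256": "27923471d1a3ca2c09f766f49071fe0f2935c5ca12410ff442984414b4d852d3",
        "sha512": "b49561aae434b6eda8f985bd61b1a77eb422295973b67bf08f21fdeed721744d10682cb9d27dc47246d6b8928e8629b60493713610deb47e1ed62cc9f7e6ea90",
    },
}


def validate_report_hashes(targets: Dict[str, Dict[str, str]] = REPORT_TARGETS) -> List[str]:
    """Return 'target:algorithm' for every digest that is not hex of the expected length.

    Catches copy/paste truncation of IOCs before they are loaded into a blocklist."""
    bad: List[str] = []
    for name, hashes in targets.items():
        for alg, digest in hashes.items():
            ok = len(digest) == HEX_LEN[alg]
            try:
                bytes.fromhex(digest)
            except ValueError:
                ok = False
            if not ok:
                bad.append(f"{name}:{alg}")
    return bad


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute all four digests of an in-memory buffer."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HEX_LEN}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute all four digests of a file in one pass, without loading it whole."""
    hashers = {alg: hashlib.new(alg) for alg in HEX_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def identify(observed: Dict[str, str], targets: Dict[str, Dict[str, str]] = REPORT_TARGETS) -> Optional[str]:
    """Name of the report target whose SHA-256 equals the observed one, else None.

    SHA-256 alone decides identity; MD5/SHA-1 are only reported for agreement."""
    sha = observed.get("sha256", "").lower()
    for name, hashes in targets.items():
        if hashes["sha256"] == sha:
            return name
    return None


def agreement(observed: Dict[str, str], target: str,
              targets: Dict[str, Dict[str, str]] = REPORT_TARGETS) -> List[str]:
    """Algorithms whose observed digest matches the named report target (case-insensitive)."""
    return [alg for alg, d in targets[target].items() if observed.get(alg, "").lower() == d]


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        digests = hash_file(path)
        name = identify(digests)
        print(path, "->", name or "not in report",
              agreement(digests, name) if name else "")
```

A file that matches on MD5 or SHA-1 but not on SHA-256 is reported as "not in report" on purpose; `agreement()` then shows which of the weaker digests collided so the discrepancy can be investigated rather than silently accepted.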

Malware Config

Targets

    • Target

      Mercurial.exe

    • Size

      9.8MB

    • MD5

      3bf880794834e8bcbbbf9060734acfd8

    • SHA1

      52339a5a36704004d492f5216e79a0568c90199d

    • SHA256

      0f9a723b42319e0b131ea7c1dda2907e7766937cc296840621be757d1be83532

    • SHA512

      9f782e3b383243ee26fd9eac9981f84a96f9820705b691c13f74e4a0c18cd06744618486988489113ae2da25df65dae590035dbcc2f85b43797432c9b6ff4cb5

    • SSDEEP

      196608:fsOOjmFQR4MVGFtwKPmF9mhAqaeGq8PHiFRV104:kKtM5KPm7mCeb8PHma4

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that dropped components are not scanned.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Target

      y�����.pyc

    • Size

      1KB

    • MD5

      d3ad280670883b89eaaa9340fe31bc28

    • SHA1

      f0c67fc3f6521a70a3719919e2421c1ddd5fc3ed

    • SHA256

      27923471d1a3ca2c09f766f49071fe0f2935c5ca12410ff442984414b4d852d3

    • SHA512

      b49561aae434b6eda8f985bd61b1a77eb422295973b67bf08f21fdeed721744d10682cb9d27dc47246d6b8928e8629b60493713610deb47e1ed62cc9f7e6ea90

    Score
    1/10
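The behavioural signatures listed for Mercurial.exe above (Defender exclusions added through PowerShell, process enumeration with tasklist, and an external-IP lookup against a web service) are the kind of activity a detection engineer turns into rules. The Python below is an added example, not code from the report, the sandbox, or the sample: it runs three detections over constructed process-creation and DNS events laid out like Sysmon Event ID 1 / Windows 4688 and Sysmon Event ID 22. It also handles the evasion a practitioner expects here, a Defender exclusion hidden behind PowerShell's -EncodedCommand (base64 of UTF-16LE), by decoding the payload before matching. The list of IP-lookup hostnames and the event field names are assumptions of the example; the report does not name the service this sample used.

```python
import base64
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ProcEvent:          # shape of a Sysmon Event ID 1 / Windows 4688 record (assumed)
    image: str
    command_line: str
    parent_image: str


@dataclass
class DnsEvent:           # shape of a Sysmon Event ID 22 record (assumed)
    image: str
    query: str


DEFENDER_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.I)
EXCLUSION_PARAM = re.compile(r"-Exclusion(?:Path|Extension|Process|IpAddress)\b", re.I)
TASKLIST = re.compile(r'(?:^|[\\\s"])tasklist(?:\.exe)?(?:\s|$|")', re.I)
ENC_FLAG = re.compile(r"(?:^|\s)-(e\w*)\s+([A-Za-z0-9+/=]+)", re.I)
POWERSHELL = ("powershell.exe", "pwsh.exe")
# Assumed set of commonly abused external-IP services; extend from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me",
                   "checkip.dyndns.org", "ip-api.com", "api.ip.sb"}


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Decode a PowerShell -EncodedCommand payload (base64 of UTF-16LE text).

    powershell.exe accepts any unambiguous prefix of the switch (-e, -enc, -EncodedCommand),
    so every -e* switch is tried and those that are not such a prefix (-ExecutionPolicy,
    -ExclusionPath, ...) are skipped. Returns None when nothing decodes."""
    for m in ENC_FLAG.finditer(cmdline):
        switch, payload = m.group(1).lower(), m.group(2)
        if not "encodedcommand".startswith(switch):
            continue
        try:
            return base64.b64decode(payload, validate=True).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            continue
    return None


def detect_proc(ev: ProcEvent) -> List[str]:
    """Signature names fired by one process-creation event."""
    hits: List[str] = []
    image = ev.image.lower()
    text = ev.command_line
    decoded = None
    if image.endswith(POWERSHELL):
        decoded = decode_encoded_command(ev.command_line)
        if decoded:
            text = text + "\n" + decoded          # match on the plaintext too
        if DEFENDER_CMDLET.search(text) and EXCLUSION_PARAM.search(text):
            hits.append("defender_exclusion_via_powershell" + ("_encoded" if decoded else ""))
    if image.endswith("tasklist.exe") or TASKLIST.search(ev.command_line):
        hits.append("process_enumeration_tasklist")
    return hits


def detect_dns(ev: DnsEvent) -> List[str]:
    """Flag a DNS query for a well-known external-IP lookup service."""
    return ["external_ip_lookup_via_web_service"] if ev.query.lower() in IP_LOOKUP_HOSTS else []


def summarize(procs: List[ProcEvent], dns: List[DnsEvent]) -> List[str]:
    """Distinct signatures fired across all events, sorted for stable output."""
    found = set()
    for p in procs:
        found.update(detect_proc(p))
    for d in dns:
        found.update(detect_dns(d))
    return sorted(found)


# Constructed sample telemetry (not taken from the report) mimicking the listed behaviour.
ENCODED_PAYLOAD = base64.b64encode(
    "Add-MpPreference -ExclusionProcess Mercurial.exe".encode("utf-16-le")).decode()
SAMPLE_PROCS = [
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              'powershell -NoP -W Hidden -Command "Add-MpPreference -ExclusionPath C:\\Users\\Public -ExclusionExtension exe"',
              r"C:\Users\Public\Mercurial.exe"),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell -ExecutionPolicy Bypass -enc " + ENCODED_PAYLOAD,
              r"C:\Users\Public\Mercurial.exe"),
    ProcEvent(r"C:\Windows\System32\tasklist.exe", "tasklist /v /fo csv",
              r"C:\Users\Public\Mercurial.exe"),
    ProcEvent(r"C:\Windows\System32\cmd.exe", 'cmd.exe /c "echo hello"',
              r"C:\Windows\explorer.exe"),
]
SAMPLE_DNS = [DnsEvent(r"C:\Users\Public\Mercurial.exe", "api.ipify.org")]

if __name__ == "__main__":
    for sig in summarize(SAMPLE_PROCS, SAMPLE_DNS):
        print(sig)
```

The parent image is carried in each event so that, in production, the three hits can be joined on it and attributed to the same dropped executable; in real deployments also enable PowerShell script block logging (Event ID 4104), which records the decoded script regardless of how the command line was encoded.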

MITRE ATT&CK Enterprise v15

Tasks