General

  • Target

    AstroSpoofer.exe

  • Size

    7.5MB

  • Sample

    250209-xzst9azmfl

  • MD5

    248610c7ac4b0571e778a705e674dd48

  • SHA1

    7bd2889ee6958dc79014d1eb0d9831fffad9764a

  • SHA256

    3876bbc02a48553a16504b85a2ae924c1a001015cb282a4ab8fd2e669312b504

  • SHA512

    530cb1f9e4a2a3ff08c3310849e3fd2abbe50dc260790b912b4c27a281de4e555a2b35a5f59ca02598e1437b6abe849cde7b22463de7f53eb8c69daaeab5f7ea

  • SSDEEP

    196608:AWwcvwfI9jUCH0+n4/JKIYJmg+Irj+dD1SAxU:7kIHU+GJPYf9ydD1w

Targets

    • Target

      AstroSpoofer.exe

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15