General

  • Target

    Driver!.exe

  • Size

    25.0MB

  • Sample

    250326-fblycsxwev

  • MD5

    d59c641106a0f84c7f10d9d5d7b81f32

  • SHA1

    dfb4174de562975db1f24d932603e713545ed722

  • SHA256

    ae3541713637f26703a152a64e7b2f8419128d950dca68d7adb418b4d698ae23

  • SHA512

    97fe9bde621f21795d976d8e3c654e6e9338129341b504785ee2ce1361279b95ece9b9ef635c617b5c162135e540b9c4058d83aa8d7505505eb6f5af7eaed930

  • SSDEEP

    196608:GWE0Ne1qAS4eNTfm/pf+xk4dWRimrbW3jmyL:rXAS3y/pWu4kRimrbmyU

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs a command via powershell.exe.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks