General

  • Target

    f434312e8ce38172180f281f6b3951879e82f42a07362f89179d91ded810feea

  • Size

    188KB

  • Sample

    200709-fvcw7vfbyn

  • MD5

    4bb3e58d375714e27744d106143cf61b

  • SHA1

    802803b91e9439c5bc0a59f73629d2a191e9f4dc

  • SHA256

    f434312e8ce38172180f281f6b3951879e82f42a07362f89179d91ded810feea

  • SHA512

    64cf58bbc58f05d6d08bdf59ce5b7496bf4a4ae97135d8a96c4ed6af7ae319a2b146d79059ff718d481f26198b1f80874fb7111c8bd79fda039e21db3f9424f7

Malware Config

Targets

    • Target

      f434312e8ce38172180f281f6b3951879e82f42a07362f89179d91ded810feea

    • Size

      188KB

    • MD5

      4bb3e58d375714e27744d106143cf61b

    • SHA1

      802803b91e9439c5bc0a59f73629d2a191e9f4dc

    • SHA256

      f434312e8ce38172180f281f6b3951879e82f42a07362f89179d91ded810feea

    • SHA512

      64cf58bbc58f05d6d08bdf59ce5b7496bf4a4ae97135d8a96c4ed6af7ae319a2b146d79059ff718d481f26198b1f80874fb7111c8bd79fda039e21db3f9424f7

    • SamoRAT

      SamoRAT is a .NET malware used to receive and execute different commands on the infected system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Modifies service

MITRE ATT&CK Enterprise v6

Tasks