3175c7553b29a8e22676a4d4bd7b0ce2.exe

General

Target:  3175c7553b29a8e22676a4d4bd7b0ce2.exe
Size:    7MB
Sample:  201010-r86ph1jg7a
Score:   10/10
MD5:     3175c7553b29a8e22676a4d4bd7b0ce2
SHA1:    63af951a129db06f9d5a1be781e8bb9df818da9c
SHA256:  38a36c357a50c0f3d6ba6cbaa600507d485271ac452212850dff78f1a430f9e1
SHA512:  d5e87b6ba9448575f4be4988999d8050b1b6218ad505484e67c1bfacae4cfb55b0166105fe53dc148d99344e8b73f4a5df8ea8d8f73ebafce798221e8cf65067

Malware Config

Targets

Target:    3175c7553b29a8e22676a4d4bd7b0ce2.exe
MD5:       3175c7553b29a8e22676a4d4bd7b0ce2
Filesize:  7MB
Score:     8/10
SHA1:      63af951a129db06f9d5a1be781e8bb9df818da9c
SHA256:    38a36c357a50c0f3d6ba6cbaa600507d485271ac452212850dff78f1a430f9e1
SHA512:    d5e87b6ba9448575f4be4988999d8050b1b6218ad505484e67c1bfacae4cfb55b0166105fe53dc148d99344e8b73f4a5df8ea8d8f73ebafce798221e8cf65067

Signatures

  • Executes dropped EXE

  • UPX packed file
    Description: Detects executables packed with UPX or a modified UPX open-source packer.

  • Loads dropped DLL

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications
    Description: Malware can proxy its traffic through Tor for more anonymity.
    TTPs: Connection Proxy

  • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1       10/10
behavioral1   8/10
behavioral2   8/10