General

  • Target

    TOOL.exe

  • Size

    15.3MB

  • Sample

    201124-q3tfajscv2

  • MD5

    93756e29b83c7fcde7846a1dfd30da6a

  • SHA1

    5dbe2cf5b3bcebbaff5f3428303f3acb2afac1e2

  • SHA256

    b6bfb18cb265786cbf4373a6dc82d4b8ec586d90f6a6e2cc72a1a3d20b60dda9

  • SHA512

    5bb417b5700652fb4f4e20b3e6ea3c40b5939eb7ed73137f0ce54ecc7e81a1a03ec599c88788afd3dfa802963374aed4a8147ab5e298308e61a068d257ead65a

Score
7/10

Malware Config

Targets

    • Target

      TOOL.exe

    Score
    7/10

    • Loads dropped DLL

    • JavaScript code in executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task                 1      T1053
  Execution             Command-Line Interface         1      T1059
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Discovery             System Information Discovery   1      T1082

Tasks