6a0000.exe

General
Target

6a0000.exe

Size

434KB

Sample

210305-pybmrl84qs

Score
10 /10
MD5

15d485b47f0275fd25fc2db2050b97df

SHA1

e2037c4ceda79e5fa103d5da74b9d4bca59ae915

SHA256

1bb6fb4d17c2bc64645d9ea67e3f3b34c4cc3b082c70676b202ebcd59762c3c2

SHA512

caeb1b51d59fb75ea1bbb2f5cd7582f3dd6ca296b05a679ca5218807f73c08a3ae134f6c140b6ca7dd0b66aba395264e6fbfc4fc9b8f1d07d6667e382bcb8211

Malware Config
Targets
Target

6a0000.exe

MD5

15d485b47f0275fd25fc2db2050b97df

Filesize

434KB

Score
10 /10
SHA1

e2037c4ceda79e5fa103d5da74b9d4bca59ae915

SHA256

1bb6fb4d17c2bc64645d9ea67e3f3b34c4cc3b082c70676b202ebcd59762c3c2

SHA512

caeb1b51d59fb75ea1bbb2f5cd7582f3dd6ca296b05a679ca5218807f73c08a3ae134f6c140b6ca7dd0b66aba395264e6fbfc4fc9b8f1d07d6667e382bcb8211

Tags

Signatures

  • Osiris

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications

    Description

    Malware can proxy its traffic through Tor for more anonymity.

    TTPs

    Connection Proxy

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
    Credential Access
      Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        behavioral1

                        10/10

                        behavioral2

                        10/10