General

  • Target

    6a0000.exe

  • Size

    434KB

  • Sample

    210305-pybmrl84qs

  • MD5

    15d485b47f0275fd25fc2db2050b97df

  • SHA1

    e2037c4ceda79e5fa103d5da74b9d4bca59ae915

  • SHA256

    1bb6fb4d17c2bc64645d9ea67e3f3b34c4cc3b082c70676b202ebcd59762c3c2

  • SHA512

    caeb1b51d59fb75ea1bbb2f5cd7582f3dd6ca296b05a679ca5218807f73c08a3ae134f6c140b6ca7dd0b66aba395264e6fbfc4fc9b8f1d07d6667e382bcb8211

Score
10/10

Malware Config

Targets

    • Target

      6a0000.exe

    • Size

      434KB

    • MD5

      15d485b47f0275fd25fc2db2050b97df

    • SHA1

      e2037c4ceda79e5fa103d5da74b9d4bca59ae915

    • SHA256

      1bb6fb4d17c2bc64645d9ea67e3f3b34c4cc3b082c70676b202ebcd59762c3c2

    • SHA512

      caeb1b51d59fb75ea1bbb2f5cd7582f3dd6ca296b05a679ca5218807f73c08a3ae134f6c140b6ca7dd0b66aba395264e6fbfc4fc9b8f1d07d6667e382bcb8211

    Score
    10/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.
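The four behavioural signatures listed above, re-implemented as a small heuristic detector run over a constructed process and network trace. This is an added example, not part of the report and not the sandbox's own signature engine: the event format, the list of IP-lookup hosts, the Tor port set and the file paths and hostnames in the sample trace are all assumptions, and only the single ATT&CK v6 mapping the report shows (Tor traffic to Connection Proxy, T1090) is encoded.

```python
import re
from collections import defaultdict

# Assumed list of well-known "what is my IP" services; the report does not name the one used.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "icanhazip.com", "checkip.dyndns.org",
    "ifconfig.me", "ip-api.com", "ipinfo.io",
}
# Tor default ports: 9001 (ORPort), 9030 (DirPort), 9050/9150 (SOCKS), 9051 (control).
# Port-based matching is a heuristic and is an assumption of this example.
TOR_PORTS = {9001, 9030, 9050, 9051, 9150}
ONION_RE = re.compile(r"\.onion$", re.IGNORECASE)

# Only the mapping the report's ATT&CK v6 matrix shows is encoded here.
ATTACK_V6 = {
    "Uses Tor communications": ("Command and Control", "T1090", "Connection Proxy"),
}

# Constructed sample trace with hypothetical paths and hostnames; not data from the report.
SAMPLE_EVENTS = [
    {"type": "file_write", "pid": 100, "path": r"C:\Users\user\AppData\Local\Temp\a.exe"},
    {"type": "file_write", "pid": 100, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "pid": 100, "child_pid": 200,
     "image": r"C:\Users\user\AppData\Local\Temp\a.exe"},
    {"type": "image_load", "pid": 200, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "dns", "pid": 200, "query": "api.ipify.org"},
    {"type": "network", "pid": 200, "dst_host": "api.ipify.org", "dst_port": 80},
    {"type": "network", "pid": 200, "dst_host": "127.0.0.1", "dst_port": 9050},
    {"type": "dns", "pid": 200, "query": "abcdefghijklmnop.onion"},
]


def analyse(events):
    """Return {signature name: [supporting events]} for the four report signatures."""
    dropped = set()          # paths the sample wrote; executing or loading one later is a hit
    hits = defaultdict(list)
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process_create" and ev["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(ev)
        elif kind == "image_load" and ev["path"].lower() in dropped:
            hits["Loads dropped DLL"].append(ev)
        elif kind == "dns":
            name = ev["query"].lower()
            if name in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(ev)
            if ONION_RE.search(name):
                hits["Uses Tor communications"].append(ev)
        elif kind == "network":
            host = ev["dst_host"].lower()
            if host in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(ev)
            if ev["dst_port"] in TOR_PORTS:
                hits["Uses Tor communications"].append(ev)
    return dict(hits)


def attack_matrix(hits):
    """Group triggered signatures by tactic and technique, counting signatures per technique."""
    matrix = {}
    for sig in hits:
        if sig in ATTACK_V6:
            tactic, tid, tname = ATTACK_V6[sig]
            cell = matrix.setdefault(tactic, {}).setdefault(tid, {"name": tname, "count": 0})
            cell["count"] += 1
    return matrix


if __name__ == "__main__":
    result = analyse(SAMPLE_EVENTS)
    for sig, evs in result.items():
        print(f"{sig}: {len(evs)} event(s)")
    for tactic, techs in attack_matrix(result).items():
        for tid, cell in techs.items():
            print(f"{tactic} / {cell['name']} ({tid}): {cell['count']}")
```

The Tor and IP-lookup rules are deliberately coarse: a connection to 127.0.0.1:9050 or a DNS query for a .onion name is strong evidence in a clean sandbox, but on a real endpoint the same heuristics fire on Tor Browser and on legitimate software that checks its public address, so they are triage signals, not verdicts on their own.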

MITRE ATT&CK Matrix (ATT&CK v6)

  • Tactic

    Command and Control

  • Technique

    Connection Proxy (T1090)

  • Signatures mapped

    1

Tasks