General

  • Target

    eee8b6b36e877d7294ca94dc10d7f53a.exe

  • Size

    1.2MB

  • Sample

    210408-t4rxrhkc5s

  • MD5

    eee8b6b36e877d7294ca94dc10d7f53a

  • SHA1

    fb1c2c074619efe1030c59e8ee5038540af870a2

  • SHA256

    81d9143600e38e058a53b635574f2b8e64f5cb69c0832497ce13b98a26f0293f

  • SHA512

    7eb00504ce72d77bffc474590a4e85c7001f094546cc1030f4d944ae5d0a36fd12f55a5845c666e04024455eb788c9355e18ab5f2981a828b2ef372948931c92

Score
8/10

Malware Config

Targets

    • Target

      eee8b6b36e877d7294ca94dc10d7f53a.exe

    Score
    8/10

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

  Tactic               Technique                      Count  ID
  Defense Evasion      Install Root Certificate       1      T1130
  Defense Evasion      Modify Registry                1      T1112
  Discovery            System Information Discovery   2      T1082
  Discovery            Query Registry                 1      T1012
  Discovery            Remote System Discovery        1      T1018
  Command and Control  Web Service                    1      T1102

Tasks