General

  • Target

    291dd93ff5ffd7c8c108767855b77b3a1fbae2755cc650b884f42e1903884041.bin.sample.gz

  • Size

    41KB

  • Sample

    210609-cb5hd5xnsj

  • MD5

    a5f83d9514efd0c0fd306f582b4e326e

  • SHA1

    9253de6203b2f982238e6a7d075a1a8cf14d8cb7

  • SHA256

    d51bea68eb60caea4b3243ee40651a7345e54127775cc47f78afeca69ceadf0d

  • SHA512

    e4a5d1c25a63f69254e459c40b5604d7954adac40d607edc8143d104c6ec8f49c69ffe1695fc075a56f3746c24aba217414bd175ddc975a89ed3d89fd478275e

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.cock.li
  • Port:
    587
  • Username:
    SendServerInfo@hitler.rocks
  • Password:
    jesuscrypt

Targets

    • Target

      sample

    • Size

      41KB

    • MD5

      b580c140a245f68291f7d4159272beeb

    • SHA1

      96d61bb4105f2a331bb3d7b733d77666286e8954

    • SHA256

      291dd93ff5ffd7c8c108767855b77b3a1fbae2755cc650b884f42e1903884041

    • SHA512

      5241380c3613e11de37c2125de09b80933b4bd2e8a1def667fd035bea3f0a7c5e5d7707d940fea8d7e4aab1030fac0c03318e84717ba2feccfad7f01b0b1e676

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Tasks