General

  • Target

    girlGirlBoys.jpg.dll

  • Size

    1.2MB

  • Sample

    210722-1sfy4l21wj

  • MD5

    765dd6425582672e4c2cca5929598848

  • SHA1

    32284fcaeb0310f34a1b5fff46f4bd7e8e17251a

  • SHA256

    0cdd088afc4cb6d2f0d39b6b05c49398309baafb38309cbe89f222eaa2042f86

  • SHA512

    8349b824e6001b3cdc7f8d7fa332b2308c6a21c232f54c46bd537778e15214962a319478a790f0a0f5b640d25fb77e442bb92897c3a688fa7ebca496243711eb

Score
10/10

Malware Config

Targets

    • Target

      girlGirlBoys.jpg.dll

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery (1 technique)

    Remote System Discovery (T1018)
