22-09-2021 14:12

Sample 210922-rh4yasfecj (score 10)

General

  • Target

    d7a6495589f3f791fe1a074c64922c17979229a79e5f0a57046254d9fd712eee

  • Size

    434KB

  • Sample

    210922-rh4yasfecj

  • MD5

    abac8b5fb6a305939c7ac38ea06666bd

  • SHA1

    b42bbb582a8bbf08e865e5181dba0f67c659763e

  • SHA256

    d7a6495589f3f791fe1a074c64922c17979229a79e5f0a57046254d9fd712eee

  • SHA512

    287e06f2ba0a071fb4cb0a62f127cd38c47225d0808fb685773eeb132bb9d7de06a401bab7d86714785cee04b27c40e93eeae7ade2eab1f5d200188b477671da

Score
10/10

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Tactic: Command and Control
    Technique: Connection Proxy (T1090)
    Matching signatures: 1
