Resubmissions

22-09-2021 14:35

210922-ryctradad5 10

General

  • Target

    81e2ddde718f731a46f765b613be06c7f77a5f43436c542fe5ac7218108228fb

  • Size

    1.2MB

  • Sample

    210922-ryctradad5

  • MD5

    a1f481baa8334ad8a5c65919af2b6346

  • SHA1

    aec7cd3a72d96948bf741bba48048c1b5cf3f036

  • SHA256

    81e2ddde718f731a46f765b613be06c7f77a5f43436c542fe5ac7218108228fb

  • SHA512

    e0c28dabe65224c2a40612e18807dc7ccdb58168be304f38f625936b1ebbdf1a6233f6e8f3d3a676e9c82ae3d9e6477cdeac8299c670ae3676b3ca4c3fc434a8

Score
10/10

Malware Config

Targets

    • Target

      81e2ddde718f731a46f765b613be06c7f77a5f43436c542fe5ac7218108228fb

    • Size

      1.2MB

    • MD5

      a1f481baa8334ad8a5c65919af2b6346

    • SHA1

      aec7cd3a72d96948bf741bba48048c1b5cf3f036

    • SHA256

      81e2ddde718f731a46f765b613be06c7f77a5f43436c542fe5ac7218108228fb

    • SHA512

      e0c28dabe65224c2a40612e18807dc7ccdb58168be304f38f625936b1ebbdf1a6233f6e8f3d3a676e9c82ae3d9e6477cdeac8299c670ae3676b3ca4c3fc434a8

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v6

Tasks