General

  • Target

    c202f1103c957930ec4cc01b43dfd472

  • Size

    96KB

  • Sample

    211024-k964eaeehm

  • MD5

    c202f1103c957930ec4cc01b43dfd472

  • SHA1

    ffed9fc2e035d31f1b2e098471e8ec70334ff9fc

  • SHA256

    7dc7ca24149bd2f34bc1bf8942cb3ed8730482e4e90a16b5333092ddb80bd084

  • SHA512

    569aa632a2677cb9d1b0186f19676161853ceea55cb6ee94cfcc6ad4b558c57a2694ab0d2dc541484e4099530b2aab742b95d08c093150efa6585d98ce6356e4

Score
10/10

Malware Config

Targets

    • Target

      c202f1103c957930ec4cc01b43dfd472

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE ClipBanker Variant Activity (POST)

      Network traffic matched an Emerging Threats Suricata rule for an HTTP POST pattern attributed to the ClipBanker family, a clipboard hijacker that swaps cryptocurrency wallet addresses copied by the victim.

    • Loads dropped DLL

      A DLL written to disk during the run was subsequently loaded into a process.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

      Writing into the system directory requires elevated rights and is commonly used to masquerade as a system component or to persist.

    • Suspicious use of SetThreadContext

      Typically paired with a process created in the suspended state: the main thread's context is rewritten so execution resumes in injected code (process hollowing).
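The behavioural signatures above are what a sandbox derives from process, file, image-load, API and network telemetry. The following is an added example, not code from the report or from the Triage platform: it re-implements each of the listed behaviours as a rule over a small, constructed Sysmon-style event log. The event schema, the process names, the paths and the hosts are all invented for illustration; the "POST to a bare IP" rule is a heuristic stand-in for the Suricata alert, not the Emerging Threats rule itself.

```python
"""Hypothetical detection pass over constructed endpoint telemetry.

Added example: every event, path and host below is constructed for
illustration and none comes from the analysed sample.
"""
import ntpath
import re

# Constructed Sysmon-like events for one execution, in chronological order.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"type": "process", "pid": 200, "ppid": 100,
     "image": r"C:\Users\user\AppData\Local\Temp\payload.exe"},
    {"type": "file", "pid": 200, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "imageload", "pid": 200, "image": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "file", "pid": 200, "path": r"C:\Windows\System32\wupd.dll"},
    {"type": "process", "pid": 300, "ppid": 200, "image": r"C:\Windows\System32\svchost.exe"},
    {"type": "api", "pid": 200, "api": "SetThreadContext", "target_pid": 300},
    {"type": "http", "pid": 200, "method": "GET", "host": "api.ipify.org", "uri": "/"},
    {"type": "http", "pid": 200, "method": "POST", "host": "203.0.113.10", "uri": "/gate.php"},
    {"type": "http", "pid": 100, "method": "GET", "host": "www.microsoft.com", "uri": "/"},
]

# Parents that normally only spawn children via exploit or macro abuse.
DOC_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
# Legitimate services malware uses to learn the victim's external IP.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "checkip.amazonaws.com"}
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SYSTEM32 = "c:\\windows\\system32\\"
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def _trusted(path):
    """True when the binary lives under an OS- or installer-controlled directory."""
    return path.lower().startswith(TRUSTED_DIRS)


def processes(events):
    """Map pid -> image path from process-creation events."""
    return {e["pid"]: e["image"] for e in events if e["type"] == "process"}


def unexpected_children(events, procs):
    """Document handler spawning a binary from an untrusted location."""
    hits = []
    for e in events:
        if e["type"] != "process":
            continue
        parent = procs.get(e["ppid"])
        if parent and ntpath.basename(parent).lower() in DOC_HANDLERS and not _trusted(e["image"]):
            hits.append((parent, e["image"]))
    return hits


def dropped_dll_loads(events):
    """DLL written during the run and loaded afterwards (order matters)."""
    dropped, hits = set(), []
    for e in events:
        if e["type"] == "file" and e["path"].lower().endswith(".dll"):
            dropped.add(e["path"].lower())
        elif e["type"] == "imageload" and e["image"].lower() in dropped:
            hits.append(e["image"])
    return hits


def external_ip_lookups(events):
    return [e["host"] for e in events if e["type"] == "http" and e["host"].lower() in IP_LOOKUP_HOSTS]


def system32_drops(events, procs):
    """File created under System32 by a binary that is not itself trusted."""
    return [e["path"] for e in events
            if e["type"] == "file" and e["path"].lower().startswith(SYSTEM32)
            and not _trusted(procs.get(e["pid"], ""))]


def cross_process_setthreadcontext(events, procs):
    """SetThreadContext aimed at another process: hollowing/injection indicator."""
    return [(procs.get(e["pid"]), procs.get(e["target_pid"])) for e in events
            if e["type"] == "api" and e["api"] == "SetThreadContext" and e.get("target_pid") != e["pid"]]


def posts_to_raw_ip(events, procs):
    """Heuristic stand-in for the network alert: POST from an untrusted binary to a bare IPv4 host."""
    return [(e["host"], e["uri"]) for e in events
            if e["type"] == "http" and e["method"] == "POST" and IPV4.match(e["host"])
            and not _trusted(procs.get(e["pid"], ""))]


def run_detections(events):
    procs = processes(events)
    return {
        "unexpected_child": unexpected_children(events, procs),
        "loads_dropped_dll": dropped_dll_loads(events),
        "external_ip_lookup": external_ip_lookups(events),
        "system32_drop": system32_drops(events, procs),
        "setthreadcontext": cross_process_setthreadcontext(events, procs),
        "post_to_raw_ip": posts_to_raw_ip(events, procs),
    }


if __name__ == "__main__":
    for rule, hits in run_detections(EVENTS).items():
        print(f"{rule:20s} {'HIT ' if hits else 'none'} {hits}")
```

Each rule is deliberately keyed on the relation between events (parent/child, write-then-load, caller/target) rather than on a single string, which is also why the constructed log carries a benign GET from WINWORD.EXE: it exercises the negative path and keeps the POST rule from firing on ordinary traffic.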

MITRE ATT&CK Enterprise v6

Tasks