Resubmissions

03-01-2022 15:51    220103-tagh5sbdh2    score 10

General

  • Target

    kr.exe

  • Size

    786KB

  • Sample

    220103-tagh5sbdh2

  • MD5

    899dc9cc6e7516536bf5e816e8cecf55

  • SHA1

    6c07fc00ed2202798194749aa8037bb0ad38bb00

  • SHA256

    5f84ad4413ad6dcdea0cb3aa206cc4df29e1bad9d9598912c323c931d568ac90

  • SHA512

    445016f0e37ee3ecec319b73713d083711608c044f855e16268f89c88d460e95d85b79d375534ac6b7a4a0e869c49470d49b7e325ff0507c550107d593ae688c

Score
10/10

Malware Config

Targets

    • Target

      kr.exe

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

    System Information Discovery (T1082): 1

Command and Control

    Connection Proxy (T1090): 1

Tasks