General

  • Target

    07a18b754b23c2c60611157505d1f5bb4f5632c7759f5dc1de210b345a6041ce

  • Size

    804KB

  • Sample

    220524-cvkb4affdn

  • MD5

    779c916f06f8af3285ee0f68c885e190

  • SHA1

    ed7148c43abe6c5e5245e87f2a2d9d15472c2322

  • SHA256

    07a18b754b23c2c60611157505d1f5bb4f5632c7759f5dc1de210b345a6041ce

  • SHA512

    ba4dd27afab32ac376dbc357c94dccf3a2f8409eb485f7891dad66ea7dc27419cea5c012b0534b983f0fb5e8e084d3e0660854e3f7e4ac094e3c644d284707dd

Score
10/10

Malware Config

Targets

    • Target

      07a18b754b23c2c60611157505d1f5bb4f5632c7759f5dc1de210b345a6041ce

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.
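The two network signatures above ("Looks up external IP address via web service" and "Uses Tor communications") are behaviour descriptions, and a practitioner reading this report will usually want to reproduce them against their own traffic logs. The following is an added example, not part of this report or of the sandbox's own signature engine: it assumes a constructed, simplified proxy-log format (`timestamp pid dst_host dst_port [uri]`), a hypothetical list of well-known IP-lookup services, and the default Tor ports, and it reports hits under the same signature names the report uses.

```python
import re
from collections import Counter
from typing import Iterable, List

# Assumed list of public "what is my IP" services (assumption: extend for your
# environment). A hit on its own is low severity; combined with dropped-binary
# execution, as in the report above, it supports the verdict.
IP_LOOKUP_HOSTS = {
    "api.ipify.org",
    "icanhazip.com",
    "ifconfig.me",
    "checkip.dyndns.org",
    "ip-api.com",
    "ipinfo.io",
    "checkip.amazonaws.com",
}

# Tor defaults: 9001 (ORPort), 9030 (DirPort), 9050/9150 (local SOCKS listener).
TOR_PORTS = {9001, 9030, 9050, 9150}
# v2 (16 chars) or v3 (56 chars) onion service names.
ONION_RE = re.compile(r"\b[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion\b", re.I)

# Constructed log format for this example: "<ts> <pid> <dst_host> <dst_port> [uri]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<host>\S+)\s+(?P<port>\d+)(?:\s+(?P<uri>\S*))?$"
)

SIG_IP_LOOKUP = "Looks up external IP address via web service"
SIG_TOR = "Uses Tor communications"


def classify(line: str) -> List[str]:
    """Return the signature names a single log line triggers (empty if none)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []
    host = m.group("host").lower()
    port = int(m.group("port"))
    uri = m.group("uri") or ""
    hits = []
    # Match the registered domain as well, so "www.ipinfo.io" still fires.
    if host in IP_LOOKUP_HOSTS or any(host.endswith("." + h) for h in IP_LOOKUP_HOSTS):
        hits.append(SIG_IP_LOOKUP)
    # Tor: default ports, or an .onion name in the host or request URI.
    if port in TOR_PORTS or ONION_RE.search(host) or ONION_RE.search(uri):
        hits.append(SIG_TOR)
    return hits


def scan(lines: Iterable[str]) -> Counter:
    """Aggregate signature hits over a whole log; the counts map onto a report's signature list."""
    counts: Counter = Counter()
    for line in lines:
        for sig in classify(line):
            counts[sig] += 1
    return counts


# Constructed sample log (not traffic from the analysed sample): two benign lines,
# one IP-lookup request and three Tor indicators. 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = [
    "2022-05-24T10:00:01Z 1234 www.microsoft.com 443 /",
    "2022-05-24T10:00:02Z 4321 api.ipify.org 443 /?format=json",
    "2022-05-24T10:00:03Z 4321 ctldl.windowsupdate.com 80 /msdownload/update/v3/static/trustedr/en/authrootstl.cab",
    "2022-05-24T10:00:04Z 4321 203.0.113.7 9001",
    "2022-05-24T10:00:05Z 4321 abcdefghijklmnop.onion 80 /",
    "2022-05-24T10:00:06Z 4321 127.0.0.1 9050",
]

if __name__ == "__main__":
    for sig, n in scan(SAMPLE_LOG).items():
        print(f"{n} hit(s): {sig}")
```

Port-based Tor detection is the weakest part of this check: a sample that bundles its own Tor client can use any ORPort, and guard relays increasingly listen on 443, so in production pair it with a relay-list feed or TLS fingerprinting rather than relying on the port set alone.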

MITRE ATT&CK Matrix (ATT&CK v6)

Command and Control

  • Connection Proxy (T1090): 1 matching signature

Tasks