General

  • Target

    3fdce9adbb044daae8fc3e9a2bc1475d10ff6f9af954d1b6d492e4df168d2a70

  • Size

    732KB

  • Sample

    220524-dedeaadbh7

  • MD5

    096250d5325b05f973e0280c9c481971

  • SHA1

    d91f3d116f970d99278defd24673b619cbc9771c

  • SHA256

    3fdce9adbb044daae8fc3e9a2bc1475d10ff6f9af954d1b6d492e4df168d2a70

  • SHA512

    73c96eb8aab43f1ee5c6a50da361cc279e94d6376b3f730841f262d89cc725b52be1a12b845e779943beae029e38d9e3e35fa8cc9705a29c7cf01150a4e679c9

Score
10/10

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Command and Control

    Connection Proxy (T1090), 1 occurrence

Tasks