General

  • Target

    1e9fc7f32bd5522dd0222932eb9f1d8bd0a2e132c7b46cfcc622ad97831e6128.bin

  • Size

    352KB

  • Sample

    220610-pp53tsfdf7

  • MD5

    5a7a90ceb6e7137c753d8de226fc7947

  • SHA1

    204a603c409e559b65c35208200a169a232da94c

  • SHA256

    1e9fc7f32bd5522dd0222932eb9f1d8bd0a2e132c7b46cfcc622ad97831e6128

  • SHA512

    a1f8dcf279b0f0b74d4e7890f118bbf27d0c20da75ebb670c0ee41dae6e16eae86c05fea5a6b51756b93360b8965545c3bde76b2beefeebed44a19fa42af79ed

Malware Config

Targets

    • Target

      1e9fc7f32bd5522dd0222932eb9f1d8bd0a2e132c7b46cfcc622ad97831e6128.bin

    • Size

      352KB

    • MD5

      5a7a90ceb6e7137c753d8de226fc7947

    • SHA1

      204a603c409e559b65c35208200a169a232da94c

    • SHA256

      1e9fc7f32bd5522dd0222932eb9f1d8bd0a2e132c7b46cfcc622ad97831e6128

    • SHA512

      a1f8dcf279b0f0b74d4e7890f118bbf27d0c20da75ebb670c0ee41dae6e16eae86c05fea5a6b51756b93360b8965545c3bde76b2beefeebed44a19fa42af79ed

    • Detect WinDealer information stealer

    • WinDealer

      WinDealer is an info stealer used by LuoYu group.

    • suricata: ET MALWARE Win32/WinDealer CnC Activity (Checkin)

      suricata: ET MALWARE Win32/WinDealer CnC Activity (Checkin)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks