General

  • Target

    3547550900d39131e5f670560072fc4a4314bf3a7b7757c3b3c2fb315b70d9a8

  • Size

    812KB

  • Sample

    220619-wtzvyaaec2

  • MD5

    9de6099c8ff65db0bfea060cdf8cce74

  • SHA1

    e370e6cc97c9be6abf41c142ab69699833488b72

  • SHA256

    3547550900d39131e5f670560072fc4a4314bf3a7b7757c3b3c2fb315b70d9a8

  • SHA512

    a5c518d53366aa467436c2f02972903d43a988acb6e1d647b49bb949c04b1f316b7eb4c34736b96ae82f5f6262b2b2288556e2b24009df1d9e634a6bbf073f61

Score
10/10

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix ATT&CK v6

Command and Control

  • Connection Proxy (T1090): 1

Tasks