General

  • Target

    58a27637b08f3e978f732e938868f4af3efcf80ac786bdbdcfb00a7a3dd39363

  • Size

    604KB

  • Sample

    220625-g6ryjahcgj

  • MD5

    64c9a022dc31aa09718455c6a128c4a0

  • SHA1

    6d90828a3b4f2b4469cb87ce4aba6f51e689bb65

  • SHA256

    58a27637b08f3e978f732e938868f4af3efcf80ac786bdbdcfb00a7a3dd39363

  • SHA512

    209ba13229acbe7453c83c2e7a8b01dbeb805347d2e9a2b3fa81822bde538b4a5e013b28439315e54de7e6278a5fce1b07d98ebb27661c4c089735e38c1d659a

Score
10/10

Malware Config

Targets

    • Target

      58a27637b08f3e978f732e938868f4af3efcf80ac786bdbdcfb00a7a3dd39363

    • Size

      604KB

    • MD5

      64c9a022dc31aa09718455c6a128c4a0

    • SHA1

      6d90828a3b4f2b4469cb87ce4aba6f51e689bb65

    • SHA256

      58a27637b08f3e978f732e938868f4af3efcf80ac786bdbdcfb00a7a3dd39363

    • SHA512

      209ba13229acbe7453c83c2e7a8b01dbeb805347d2e9a2b3fa81822bde538b4a5e013b28439315e54de7e6278a5fce1b07d98ebb27661c4c089735e38c1d659a

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks