General

  • Target

    4bd72979db980a1f04bef54cd5a277d83422d5353a8453a867b1cd8a9bca446f

  • Size

    623KB

  • Sample

    220712-khc19aadel

  • MD5

    a12c1e631a3dd5e4353bbedf1e6867ea

  • SHA1

    fa87b6028a06a220c585d8e0780f89a900909c22

  • SHA256

    4bd72979db980a1f04bef54cd5a277d83422d5353a8453a867b1cd8a9bca446f

  • SHA512

    cdd52e5cdae0a31a9ac40d58f85f2ca89c5daa5d6d67fc2fac3e0f8ac76442e1ade96a0e6f7738abde977f6e44e261688b30653e426cdde4978f19810488c028

Score
10/10

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix (ATT&CK v6)

    Tactic                Technique           Count   ID
    Command and Control   Connection Proxy    1       T1090

Tasks