Overview

overview

10

Static

static

4e09c63602...72.exe

windows7-x64

10

4e09c63602...72.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4e09c63602bea79e6a9ad1f757013a72f6a16b1b7991c20c995296cfed7e0972

  • Size

    346KB

  • Sample

    220720-xljz7agbcq

  • MD5

    6465ff23f054282177a15cc5f7ebc7ec

  • SHA1

    92c0033e076de238169f17c76a41fcbb8d10930d

  • SHA256

    4e09c63602bea79e6a9ad1f757013a72f6a16b1b7991c20c995296cfed7e0972

  • SHA512

    507155b8dcc48b2e7a78a7771135588058f89985f7fe53ca546433a6d847d4b1c4dc61995d8159e3d5906eea64d49466cb78be236ca3bc5c448ae869b2328b16

Score
10/10
onlyloggerdiscoveryloader

Malware Config

Targets

    • Target

      4e09c63602bea79e6a9ad1f757013a72f6a16b1b7991c20c995296cfed7e0972

    • Size

      346KB

    • MD5

      6465ff23f054282177a15cc5f7ebc7ec

    • SHA1

      92c0033e076de238169f17c76a41fcbb8d10930d

    • SHA256

      4e09c63602bea79e6a9ad1f757013a72f6a16b1b7991c20c995296cfed7e0972

    • SHA512

      507155b8dcc48b2e7a78a7771135588058f89985f7fe53ca546433a6d847d4b1c4dc61995d8159e3d5906eea64d49466cb78be236ca3bc5c448ae869b2328b16

    Score
    10/10
    onlyloggerdiscoveryloader

    • OnlyLogger

      A tiny loader that uses IPLogger to get its payload.

      loaderonlylogger

    • OnlyLogger payload

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

1
T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks