General

  • Target

    5f0c8315f2f19ff8a40ba018a4595ca5c25107d2929382b61ad970ad9081e2e8

  • Size

    444KB

  • Sample

    220724-2fx23sahb4

  • MD5

    3a23f339d858b6a7ab80e55b17a62359

  • SHA1

    4131bf4362d355287d98aa8abfa4d4565249e56d

  • SHA256

    5f0c8315f2f19ff8a40ba018a4595ca5c25107d2929382b61ad970ad9081e2e8

  • SHA512

    db021a01b2d52203e803f1a3b3ff968af66981a2e5ef7b35df0773aeb7a8d62df90dfebf01e78f63d67493c0870b6d010b9656be09f41433baa3c32d5eb9bf69

Score
10/10

Malware Config

Targets

    • Target

      5f0c8315f2f19ff8a40ba018a4595ca5c25107d2929382b61ad970ad9081e2e8

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Tactic: Command and Control

    Technique: Connection Proxy
    Count: 1
    ID: T1090

Tasks