56141f180e5e98b673857b278c978954f5086d268c7c7040f33937376fe77f0f | Triage

Sharing

General

Target

fake.exe
Size

9.4MB
Sample

220923-ryblpaaehl
MD5

f1ae64564f4ce453fe38af402d5e69de
SHA1

d7dc73d3db53ca30f9c908075d6f82dd43f9b07c
SHA256

56141f180e5e98b673857b278c978954f5086d268c7c7040f33937376fe77f0f
SHA512

e9caa5d1a44a23eae9270079f9d872f5e08f9177090a3b13caedb0c3733ef430892fa716dff22f6b3d16a65107962beceabea67c41ca364b4ad93bf59c31bcea
SSDEEP

196608:TnchbczDIfTKC0U2whym8WUfUv6wq4GAwPgTg0vVl6JXZoJCXYbAJp9EKnl6U:TubwIfTOU2whyalS9Yi0v76JycXYEJpV

Score

7^/10

pyinstaller

Malware Config

Targets

- Target
  
  fake.exe
- Size
  
  9.4MB
- MD5
  
  f1ae64564f4ce453fe38af402d5e69de
- SHA1
  
  d7dc73d3db53ca30f9c908075d6f82dd43f9b07c
- SHA256
  
  56141f180e5e98b673857b278c978954f5086d268c7c7040f33937376fe77f0f
- SHA512
  
  e9caa5d1a44a23eae9270079f9d872f5e08f9177090a3b13caedb0c3733ef430892fa716dff22f6b3d16a65107962beceabea67c41ca364b4ad93bf59c31bcea
- SSDEEP
  
  196608:TnchbczDIfTKC0U2whym8WUfUv6wq4GAwPgTg0vVl6JXZoJCXYbAJp9EKnl6U:TubwIfTOU2whyalS9Yi0v76JycXYEJpV
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1