Resubmissions

10-01-2023 00:57

230110-ba58dsgd29 8

09-01-2023 22:17

230109-17r5gaga66 10

General

  • Target

    6af2204e4e62a5d44462335379f8e70f7d680da84f2a7f6c328fbd40014694ef

  • Size

    1.0MB

  • Sample

    230109-17r5gaga66

  • MD5

    067b0d35578c2755a06e9e6b702c4c05

  • SHA1

    603edd059b6a616a984ba4582cd86384234ba2d0

  • SHA256

    6af2204e4e62a5d44462335379f8e70f7d680da84f2a7f6c328fbd40014694ef

  • SHA512

    992617a6220a41fde70e3e457b27a1b7474af44d23d501474c8e466e4648ea1a281b277f667434f097dc1808d3299a7b18076e16a924e15aa29319a8f0ff0595

  • SSDEEP

    12288:u9iJB1C4k6XXEdR16EjdL7in0DpEXhZV8F9jL2FvEd/0rhFyYcvFb+BCFhyP8+:uoJuFfHjpsZVAv/0ruYctb+YFQ

Malware Config

Targets

    • UAC bypass

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks