Resubmissions

23-02-2023 13:58

230223-q979csga63 10

23-02-2023 13:58

230223-q91vaaga59 3

30-01-2023 00:58

230130-bbgw7adb9t 10

15-01-2023 07:31

230115-jcmg3abg69 10

15-01-2023 07:28

230115-jarn1aff51 3

15-01-2023 01:34

230115-by7fcscb6w 10

General

  • Target

    working_attack.7z

  • Size

    925KB

  • Sample

    230115-by7fcscb6w

  • MD5

    79c2ac9fb282708c97b2622b1dcf8428

  • SHA1

    bbfeb1b3a9379ca5fd894b8c5afa0b95f5eef1b7

  • SHA256

    db8eb8347ed084c3ee3707ad032743e350157abcaf2817e5f15777b20c554b7f

  • SHA512

    2334c5568ec148985245936d8301e8677b0d6b9809943f1c705ab80572be150d598525df205b8902f8739322f1faa42eb52087048cf57164311002a8e32d2f5f

  • SSDEEP

    24576:y7zYd9xdNsC/TbVTUGTL/g5zXCXPukSSw1hSD6xTBeJw6HXss5:ezY3bWYTUkhhSSuhS0G3s8

Score
10/10

Malware Config

Targets

    • Target

      working_attack.7z

    • Size

      925KB

    • MD5

      79c2ac9fb282708c97b2622b1dcf8428

    • SHA1

      bbfeb1b3a9379ca5fd894b8c5afa0b95f5eef1b7

    • SHA256

      db8eb8347ed084c3ee3707ad032743e350157abcaf2817e5f15777b20c554b7f

    • SHA512

      2334c5568ec148985245936d8301e8677b0d6b9809943f1c705ab80572be150d598525df205b8902f8739322f1faa42eb52087048cf57164311002a8e32d2f5f

    • SSDEEP

      24576:y7zYd9xdNsC/TbVTUGTL/g5zXCXPukSSw1hSD6xTBeJw6HXss5:ezY3bWYTUkhhSSuhS0G3s8

    Score
    10/10
    • UAC bypass

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks