Overview

overview

10

Static

static

working_attack.7z

windows7-x64

8

working_attack.7z

windows10-2004-x64

10

Resubmissions

23-02-2023 13:58

230223-q979csga63 10

23-02-2023 13:58

230223-q91vaaga59 3

30-01-2023 00:58

230130-bbgw7adb9t 10

15-01-2023 07:31

230115-jcmg3abg69 10

15-01-2023 07:28

230115-jarn1aff51 3

15-01-2023 01:34

230115-by7fcscb6w 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    working_attack.7z

  • Size

    925KB

  • Sample

    230115-by7fcscb6w

  • MD5

    79c2ac9fb282708c97b2622b1dcf8428

  • SHA1

    bbfeb1b3a9379ca5fd894b8c5afa0b95f5eef1b7

  • SHA256

    db8eb8347ed084c3ee3707ad032743e350157abcaf2817e5f15777b20c554b7f

  • SHA512

    2334c5568ec148985245936d8301e8677b0d6b9809943f1c705ab80572be150d598525df205b8902f8739322f1faa42eb52087048cf57164311002a8e32d2f5f

  • SSDEEP

    24576:y7zYd9xdNsC/TbVTUGTL/g5zXCXPukSSw1hSD6xTBeJw6HXss5:ezY3bWYTUkhhSSuhS0G3s8

Score
10/10
evasionspywaretrojan

Malware Config

Targets

    • Target

      working_attack.7z

    • Size

      925KB

    • MD5

      79c2ac9fb282708c97b2622b1dcf8428

    • SHA1

      bbfeb1b3a9379ca5fd894b8c5afa0b95f5eef1b7

    • SHA256

      db8eb8347ed084c3ee3707ad032743e350157abcaf2817e5f15777b20c554b7f

    • SHA512

      2334c5568ec148985245936d8301e8677b0d6b9809943f1c705ab80572be150d598525df205b8902f8739322f1faa42eb52087048cf57164311002a8e32d2f5f

    • SSDEEP

      24576:y7zYd9xdNsC/TbVTUGTL/g5zXCXPukSSw1hSD6xTBeJw6HXss5:ezY3bWYTUkhhSSuhS0G3s8

    Score
    10/10
    evasionspywaretrojan

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks