20aa815f5ad1b7d58d0e95012e9b9e991c66fafa5a38185b40ea08aa381bbf81 | Triage

Sharing

General

Target

bd.exe
Size

11.9MB
Sample

230328-acxhlafh94
MD5

79ee5176bd6e766ea27b26a0ee8a05bf
SHA1

d16b963c0fd00ba65295c2196850297c69d7cd44
SHA256

20aa815f5ad1b7d58d0e95012e9b9e991c66fafa5a38185b40ea08aa381bbf81
SHA512

7aa4cc678b278c7527d15e3851219ee043c5093c4f24b8adfc3992962d8eeff992142d4616ca7102fee64d6d47c381b89ba849c340c2111dc61e099feeff4fd2
SSDEEP

196608:G8aRszwZoHd2H5NDil9LgQY/L2Vmd6+D32c/f/+SJXEb2RwZVGbmp7AyWKnEdE:rb9QDDhL2Vmd6mGc/esA2Rwz8mpPQ

Score

7^/10

pyinstaller

Malware Config

Targets

- Target
  
  bd.exe
- Size
  
  11.9MB
- MD5
  
  79ee5176bd6e766ea27b26a0ee8a05bf
- SHA1
  
  d16b963c0fd00ba65295c2196850297c69d7cd44
- SHA256
  
  20aa815f5ad1b7d58d0e95012e9b9e991c66fafa5a38185b40ea08aa381bbf81
- SHA512
  
  7aa4cc678b278c7527d15e3851219ee043c5093c4f24b8adfc3992962d8eeff992142d4616ca7102fee64d6d47c381b89ba849c340c2111dc61e099feeff4fd2
- SSDEEP
  
  196608:G8aRszwZoHd2H5NDil9LgQY/L2Vmd6+D32c/f/+SJXEb2RwZVGbmp7AyWKnEdE:rb9QDDhL2Vmd6mGc/esA2Rwz8mpPQ
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1