General

  • Target: curl-portable-master.zip
  • Size: 2.5MB
  • Sample: 230618-zszekahg25
  • MD5: 201fc137368ce75803000fcab5e65ac1
  • SHA1: 1697e50d019abd91b781bddfef4adf73ae3280fd
  • SHA256: 62a715881a64abd95f48212abae468414b2083c67e2bf664d538413a38849971
  • SHA512: dfb007af71f225ccc06c29628fb9387f81dc0109d5c4a9028d23e694172f73c8f7cb9baf0576da6d30db2149e66c4f0d5b85ebcc88b48982de2552572d5af30d
  • SSDEEP: 49152:loRwCeMa1hWJgBkjFAFwRWCSAh3dCIfYO6HtdCDrUAEIjsIQOr8e:loRxtqAqFYWc3MnNtcDrTsIQU

Targets

    • Target: curl-portable-master.zip
    • Size: 2.5MB
    • MD5: 201fc137368ce75803000fcab5e65ac1
    • SHA1: 1697e50d019abd91b781bddfef4adf73ae3280fd
    • SHA256: 62a715881a64abd95f48212abae468414b2083c67e2bf664d538413a38849971
    • SHA512: dfb007af71f225ccc06c29628fb9387f81dc0109d5c4a9028d23e694172f73c8f7cb9baf0576da6d30db2149e66c4f0d5b85ebcc88b48982de2552572d5af30d
    • SSDEEP: 49152:loRwCeMa1hWJgBkjFAFwRWCSAh3dCIfYO6HtdCDrUAEIjsIQOr8e:loRxtqAqFYWc3MnNtcDrTsIQU

    Signatures:

    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Obfuscated with Agile.Net obfuscator
      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
    • Registers COM server for autorun
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Legitimate hosting services abused for malware hosting/C2

    • Target: curl-portable-master/LICENSE
    • Size: 34KB
    • MD5: 1ebbd3e34237af26da5dc08a4e440464
    • SHA1: 31a3d460bb3c7d98845187c716a30db81c44b615
    • SHA256: 3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986
    • SHA512: d361e5e8201481c6346ee6a886592c51265112be550d5224f1a7a6e116255c2f1ab8788df579d9b8372ed7bfd19bac4b6e70e00b472642966ab5b319b99a2686
    • SSDEEP: 768:Fo1acy3LTB2VsrHG/OfvMmnBCtLmJ9A7J:Fhcycsrfrnoum

    Score: 1/10

    • Target: curl-portable-master/README.md
    • Size: 56B
    • MD5: 2cdcf8ad587347f0524cf295391cf7af
    • SHA1: 71ee221795def68976717ad85f5edefb5f388e5d
    • SHA256: ff8daa524a538d938ad0c8265a89f04326b0c33de9df9b990b4cb82db9a3cf1f
    • SHA512: 874375fe8f7c2e6a9d3ebe4279bc0ca432b4d93873f7076aa0e44c8fdb951b591786925579144631b08cf2f3428168944bb765564723e79181860f0af5013ec0

    Score: 3/10

    • Target: curl-portable-master/curl-ca-bundle.crt
    • Size: 216KB
    • MD5: 5805059ab9e4646e4803ce1e007eb8ba
    • SHA1: aa004c87ac9d0cf2b148fe5424804386f55eb4c6
    • SHA256: 5cd8052fcf548ba7e08899d8458a32942bf70450c9af67a0850b4c711804a2e4
    • SHA512: 49778472e46ce3b86b3930f4df5731ac86daf4d8602d418af1c89dc35df5f98c4557aa6c6eb280558c61139ead4b96cbb457a259f72640452f28a2fecd4ccb89
    • SSDEEP: 6144:XNc597qxzwd9aUaNR6dTd4tL2b02dTDkMgV:XNcf7M576f4tLe0mIMq

    Score: 1/10

    • Target: curl-portable-master/curl.exe
    • Size: 3.9MB
    • MD5: a3569bf06d73db9fbf4ab4fceb75b495
    • SHA1: ce86cdf772371603dabcc6059553acd1b1116161
    • SHA256: 46728863a11d653b6c1ad6b0ca5c2f8a8212558da538c4c4a8d055871aa7304a
    • SHA512: 2eef62d55ccd29a24b53ffdb71d89c10be42d663b9d29c078a561117be2246bae6f020e607ee68504ea5a9bc5621b6802fc1ab8f174bc0c0d0200fc5aa724c98
    • SSDEEP: 98304:L6VqnUiTgItsIlV1Q1+0tBAJLv+lwfX/c2tj5d:AqnVcuv0kj5d

    Score: 1/10

    • Target: curl-portable-master/libcurl-x64.dll
    • Size: 1.0MB
    • MD5: a846592aa99fe94d7455097dceb05ff8
    • SHA1: 03859b7af6e8c9950d3c221dfafb6c89cc0e2f66
    • SHA256: f46b5c8e3bd77e340af65ccb476f96fe803fa0a2a10e8f0f1a004a35076984ff
    • SHA512: 73fc0929bb4e95e38caf5c323518f9ba97a8adf52983d1ff4c09b74c8400186b7cc6fbf0900efc26852495ee0f4fa19b68ce95f46948032c8629201a06bd8a39
    • SSDEEP: 24576:q+9Y52OnulevAOXgX11qIxBnlikYWVgPaG9BQQfKsTnkTydARK:WcOWOwqIHnlikYWVtKB5TkTA

    Score: 1/10