7fe5cfc7356105f997fcf9fc435f237c71f510bd9295997ab780c2655f101dd0

Sharing

Copy URL Twitter E-mail

General

Target

dawdawd.rar
Size

2.0MB
Sample

230701-yy1zxahe73
MD5

6c414bb851bb85e284959113c068b797
SHA1

d71b23b373b208fceaaa80d5fee7934d1eaf398d
SHA256

7fe5cfc7356105f997fcf9fc435f237c71f510bd9295997ab780c2655f101dd0
SHA512

60c0e3d4cf49be9d28b08d44637a1c02f8d4651b2d7f2a31256bcb11afef7f54d586d235a10944c1bba2b17e3439ca8f1609176d9c4782ba759b30928d616e78
SSDEEP

49152:iP5989wdwBiU4eWs2VYBpB3OZLCz/O4hHe2HDQ0:Y5iwdlReHVBL3cCztk0

Score

9^/10

upx

Malware Config

Targets

- Target
  
  dawdawd.rar
- Size
  
  2.0MB
- MD5
  
  6c414bb851bb85e284959113c068b797
- SHA1
  
  d71b23b373b208fceaaa80d5fee7934d1eaf398d
- SHA256
  
  7fe5cfc7356105f997fcf9fc435f237c71f510bd9295997ab780c2655f101dd0
- SHA512
  
  60c0e3d4cf49be9d28b08d44637a1c02f8d4651b2d7f2a31256bcb11afef7f54d586d235a10944c1bba2b17e3439ca8f1609176d9c4782ba759b30928d616e78
- SSDEEP
  
  49152:iP5989wdwBiU4eWs2VYBpB3OZLCz/O4hHe2HDQ0:Y5iwdlReHVBL3cCztk0
Score

5^/10
- Drops file in System32 directory
behavioral1
- Target
  
  dawdawd/03Ufx1036UnK2u8q6bm21127W05x281G24S29bq1023SrjwnfxjQv2f4Et20n51S1.exe
- Size
  
  593KB
- MD5
  
  9b15881812c81df07cc0d9ce142a6310
- SHA1
  
  32ddb1140e962f7bfec19fc7961ad0778320724c
- SHA256
  
  97376aee344da676ad63b811dd5de8b5b615ddf4bf0254b22f0decb7ece71c8b
- SHA512
  
  562e53cb1086f1016abca33c5e8196bb4f75f1577e628c6e06aec302cf65e49c426e29f12373c76bd8b1004f6eeaa07e9c71d24ae9c884bd37ea74424c3402df
- SSDEEP
  
  12288:sLseTnEzmdFVOvRLjA5seCWJj/q1tjOPZ6ntk3QoWXYQSv:asHz8FVwjkseCWxi1tjOPZ6ntk3QoLt
Score

9^/10

upx
- Nirsoft
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral2
- Target
  
  dawdawd/dpp.dll
- Size
  
  1.9MB
- MD5
  
  692026ff118997f30b9c314df54bce25
- SHA1
  
  a09c770f410ad4df8e78c6d0723f70521cfb63f1
- SHA256
  
  75c5725344092eb7a9f0c2c74c85a98f73d7d4c8201a677b206c35655c2e33d8
- SHA512
  
  60d5b1b29e19150636a0b7c593e95bac2bc42c0cc2dd6335cc45794f64fc5f64044f64365a9ef742616ffc025e121f2455425808a44add02bb28173394b87e36
- SSDEEP
  
  24576:myAuvuKXRiZAhSso8JceUkeo4YUPyGdT0QP5YYM5RaIz7pMqijwG0Vzcd00:myvXawC6UkZ4YUtzPSYES0Vzcd00
Score

3^/10
behavioral3
- Target
  
  dawdawd/libcrypto-1_1.dll
- Size
  
  2.5MB
- MD5
  
  31643a6540ba24cf98a97cef42634048
- SHA1
  
  0206d691eaa40885713327c11e000cb771a21703
- SHA256
  
  e36557189986f864b35c4f3d66b3356ce242c73217ec9ec5c3d66453c480633f
- SHA512
  
  5f5c74fecacb723126ff099ad7303af500b5125ecef2966fb3104d3668d07e836266680a7628a63a5a26200f6139bed77e7f5c7533a9934cb81be9857800de41
- SSDEEP
  
  49152:cmjrvGvz67Ltvwm98Iq1CPwDv3uFfJIfAE3C:cmjbXLim98b1CPwDv3uFfJ
Score

3^/10
behavioral4
- Target
  
  dawdawd/libsodium.dll
- Size
  
  329KB
- MD5
  
  be8a4636d7dd224ef4774065189ce7ff
- SHA1
  
  6aadb8d601333a3136647cb8a96480e277798d9e
- SHA256
  
  84fa23e1bd52d64265d6eb31b72fb40bb539856110633a6e0583003290e5f61a
- SHA512
  
  2fe3b94f473f81e6e8834455789d9401dcd4650b66a24a57d9f923ca9487e3cccbaf9caeb9033ef63bbb287a4c41776587776b2acf3281fa99d7f285d0bf27a9
- SSDEEP
  
  6144:A3i+tJnFTK1+EGqOX9lHy7e460QmXV50DErDbvt:l+tZqO3460QmwD6b
Score

1^/10
behavioral5
- Target
  
  dawdawd/libssl-1_1.dll
- Size
  
  523KB
- MD5
  
  46c50a365a8a11627137ad52e4ab2f94
- SHA1
  
  6d02dc794a756c077233f074bd85c4b8241c24df
- SHA256
  
  187b33ab7a95d4722ff7dc6e2a0e6f121f68fd034b708a946b76748ec2a39b83
- SHA512
  
  3e2bdb912e77c249950d3dac3d3937d716e982fa9dfa3aeb48760219e53e99e70292294cc80992095bb18ee62329aac69c253dea2ae6037c9e80e1500a32b1c0
- SSDEEP
  
  12288:gypyeH2O8Dkmb4yjpesKWjy/MMk+cdU2lvzAE:lceHp5PIQMT+aU2lvzAE
Score

1^/10
behavioral6
- Target
  
  dawdawd/opus.dll
- Size
  
  307KB
- MD5
  
  a4c7c50ebed6a72ead1baa4cb3057c81
- SHA1
  
  21ae7d92ce5f6684c2bb091a780830fb7e2263c0
- SHA256
  
  0d518b2def8d3e2d6a1d221ddc6d66a338ab1ba6068461d1cf5f3b7d39c97793
- SHA512
  
  1d679f5d0805907ada13a79b5d673ff1262334fbed6bdda2812a4c183aea7dd1d775f847048d5c5d06aa920b76936b61ad7426e77502807935a93ec953e03071
- SSDEEP
  
  6144:TqrbR0re3Pr2VvnErmo03zglw+VH2jNAZ2EG7cjplyDjCa/ZLBvBm8v:WrN0re3T2VvECoeV+J822EPyDjCa/x
Score

1^/10
behavioral7
- Target
  
  dawdawd/zlib1.dll
- Size
  
  73KB
- MD5
  
  05bf83777d5b6c7bf74a512f51f34a7b
- SHA1
  
  5c177218220a9c1df6eff2fc46bf3dd512986222
- SHA256
  
  0d2a785476bf5ab1906f4738e92df18a2c438e27225c1c1cac9afe77417c0b46
- SHA512
  
  0249ac76f843b3d46120da665ebe3b361f120477997f3809b88188d1afeffa2a789f5a990930441f54729d1e806c2ce005893ac77a88dd87d302e2ee49eba941
- SSDEEP
  
  1536:iD5gPaCVRn77BGHXrfD0zelgdRH/KNn6BnToIfhIOsIOEmhfgh:Q59+R7t+szelgdRfKNcTBfLiEmhfgh
Score

3^/10
behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Drops file in System32 directory

Nirsoft

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8