875151c3e5fca30297e3a4c382173677b2abfce8194a6081fa9b8316ab2cdff5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

method 1.png
Size

6KB
Sample

230706-zmpceafc7x
MD5

bbd225b89ecb75aa6163c9f34bbffff2
SHA1

aba952bed3ffa29a79f895324419d2d612a496c2
SHA256

875151c3e5fca30297e3a4c382173677b2abfce8194a6081fa9b8316ab2cdff5
SHA512

3e3b85837884bb74b577e202c0c28f7fb7a23248fa70555620391f983c836c14f6f40f1598c4de25147525c5540323f7035c7db21abdd59ee9fc7e4d854535f1
SSDEEP

192:OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7:OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7

Score

8^/10

discovery macos

Malware Config

Targets

- Target
  
  method 1.png
- Size
  
  6KB
- MD5
  
  bbd225b89ecb75aa6163c9f34bbffff2
- SHA1
  
  aba952bed3ffa29a79f895324419d2d612a496c2
- SHA256
  
  875151c3e5fca30297e3a4c382173677b2abfce8194a6081fa9b8316ab2cdff5
- SHA512
  
  3e3b85837884bb74b577e202c0c28f7fb7a23248fa70555620391f983c836c14f6f40f1598c4de25147525c5540323f7035c7db21abdd59ee9fc7e4d854535f1
- SSDEEP
  
  192:OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7:OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7
Score

8^/10

discovery
- Contacts a large (674) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1