aresloader | c327ef13f5f38b63b4fc5695081be816af2c4f4f40200256560d258addd84ed1 | Triage

Sharing

General

Target

51982cba4b48c14d0d2d6c0cefe786fe_magniber_JC.exe
Size

2.7MB
Sample

230803-vv97maeh67
MD5

51982cba4b48c14d0d2d6c0cefe786fe
SHA1

d6f7a360b79d1cdb19ddbe16630683bdcc415f73
SHA256

c327ef13f5f38b63b4fc5695081be816af2c4f4f40200256560d258addd84ed1
SHA512

31f1a32005c94c599dab4a152812c8de5c91d3e654fc7a9ebdf280c4dbe39150aedc9c77d23ad0364e92a11ce812c41847000c1dccfa4506b45366005f229fab
SSDEEP

49152:eEyH38u5Rj9GsTfl5OxK+r/cjNODvQ5Ky5ZyLhshHMVC:eE45Rj9GsTf/O5r/cp8vQNytFV

Score

10^/10

aresloader loader

Malware Config

Extracted

Family

aresloader

C2

http://193.233.134.57

Targets

- Target
  
  51982cba4b48c14d0d2d6c0cefe786fe_magniber_JC.exe
- Size
  
  2.7MB
- MD5
  
  51982cba4b48c14d0d2d6c0cefe786fe
- SHA1
  
  d6f7a360b79d1cdb19ddbe16630683bdcc415f73
- SHA256
  
  c327ef13f5f38b63b4fc5695081be816af2c4f4f40200256560d258addd84ed1
- SHA512
  
  31f1a32005c94c599dab4a152812c8de5c91d3e654fc7a9ebdf280c4dbe39150aedc9c77d23ad0364e92a11ce812c41847000c1dccfa4506b45366005f229fab
- SSDEEP
  
  49152:eEyH38u5Rj9GsTfl5OxK+r/cjNODvQ5Ky5ZyLhshHMVC:eE45Rj9GsTf/O5r/cp8vQNytFV
Score

10^/10

aresloader loader
- AresLoader
  AresLoader is a loader and downloader written in C++.
  loader aresloader
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aresloaderloader

behavioral2

aresloaderloader