aresloader | 4881b8c4dd7041d5aa6a684be5fed8657408fed2ec0a3390ae0cdcec56da8f42 | Triage

Sharing

General

Target

7686d6c953fd167bebe5d9939b2d79ef_magniber_JC.exe
Size

3.0MB
Sample

230805-ycvwrsfd9w
MD5

7686d6c953fd167bebe5d9939b2d79ef
SHA1

95b390c5d27851ecd480a8b6cafec21cd7230e74
SHA256

4881b8c4dd7041d5aa6a684be5fed8657408fed2ec0a3390ae0cdcec56da8f42
SHA512

1795162faf69574fefa0a0cdd301b354e81c5b38894315d0defacb54d579faae3f4c14e74ee88dae806572767e046bda9579a23970b86f3fb98a147afaba14fe
SSDEEP

49152:NhGVclIdwupANq1PpJ/zCYCnhEpHL2JjUgOsXF0ZEz5bWAN3XpIN:ccOdw27dpJ/zNChE5e/z

Score

10^/10

aresloader loader

Malware Config

Extracted

Family

aresloader

C2

http://193.233.134.57

Targets

- Target
  
  7686d6c953fd167bebe5d9939b2d79ef_magniber_JC.exe
- Size
  
  3.0MB
- MD5
  
  7686d6c953fd167bebe5d9939b2d79ef
- SHA1
  
  95b390c5d27851ecd480a8b6cafec21cd7230e74
- SHA256
  
  4881b8c4dd7041d5aa6a684be5fed8657408fed2ec0a3390ae0cdcec56da8f42
- SHA512
  
  1795162faf69574fefa0a0cdd301b354e81c5b38894315d0defacb54d579faae3f4c14e74ee88dae806572767e046bda9579a23970b86f3fb98a147afaba14fe
- SSDEEP
  
  49152:NhGVclIdwupANq1PpJ/zCYCnhEpHL2JjUgOsXF0ZEz5bWAN3XpIN:ccOdw27dpJ/zNChE5e/z
Score

10^/10

aresloader loader
- AresLoader
  AresLoader is a loader and downloader written in C++.
  loader aresloader
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

aresloaderloader

behavioral2

aresloaderloader