e90566cb4749892ac21828eed527e7d1e01a02687e1180d5d6cf9931c0d55ef4

Sharing

Copy URL Twitter E-mail

General

Target

ProcessSpoofer.v1.5.zip
Size

227KB
Sample

230829-bk2yqahb56
MD5

c24f8dafe9e570b1513ba1a2b6810138
SHA1

46fbb76078ce508ae4d87dfdcdf9f70ef4c1a8d2
SHA256

e90566cb4749892ac21828eed527e7d1e01a02687e1180d5d6cf9931c0d55ef4
SHA512

4466873fe41225405afebef1321222a94d70451f2cc7d24fa71a8c71bfe922d00f1f15b506cc67fede053c8fff2a7cc843847de353e7be18ade317d60bd7a279
SSDEEP

3072:nUhij135DZhM2JweuZGiIAvSy48adIyigEF/mTdtV1hNP1oSJcIC5xpMrI:nUgpDZ9UZGkqy41n9EFG9GY0xKrI

Score

6^/10

Malware Config

Targets

- Target
  
  ProcessSpoofer.v1.5.zip
- Size
  
  227KB
- MD5
  
  c24f8dafe9e570b1513ba1a2b6810138
- SHA1
  
  46fbb76078ce508ae4d87dfdcdf9f70ef4c1a8d2
- SHA256
  
  e90566cb4749892ac21828eed527e7d1e01a02687e1180d5d6cf9931c0d55ef4
- SHA512
  
  4466873fe41225405afebef1321222a94d70451f2cc7d24fa71a8c71bfe922d00f1f15b506cc67fede053c8fff2a7cc843847de353e7be18ade317d60bd7a279
- SSDEEP
  
  3072:nUhij135DZhM2JweuZGiIAvSy48adIyigEF/mTdtV1hNP1oSJcIC5xpMrI:nUgpDZ9UZGkqy41n9EFG9GY0xKrI
Score

1^/10
behavioral1 behavioral2
- Target
  
  ProcessSpoofer.exe
- Size
  
  91KB
- MD5
  
  4060343cf656b4ea838ea35ae3de2f88
- SHA1
  
  a993fde38162ba51a4a395d4050ef4541f34c3a6
- SHA256
  
  814b07414ba43877660e453f3ac6085fd2349dac55f17c761d3af5fa97c5a1af
- SHA512
  
  56b18dbdebe51508dcc19738bd294d6736b12a2cfb6a334a2ec149861ccb14416607ad14951bdf88e04eb49a255f414f508e6a9e6ea8674f4b3b0acd0b5c03e8
- SSDEEP
  
  1536:qDEC+cVNdcLbdGQgYFidVIx4TZYCS9eHLOLZKhAE7:iEC5TWYQvaTTSAr6wAQ
Score

1^/10
behavioral3 behavioral4
- Target
  
  SpooferHandle.dll
- Size
  
  41KB
- MD5
  
  b0914c84476c51414efca5bd0224f146
- SHA1
  
  620be49a9ac83f8d55609b7325aca2f17c76722e
- SHA256
  
  fac13f49ff60c6b807837dc89a644bdce6738ea7a3d55945c71fee70f5da014c
- SHA512
  
  763b78eeb032ca0055618488ffd1f6b67e3e15ec3b4d57723ece932962bdd4d1bb4ac6fe8ab3cb43d1c63bf3e63f06e33831c803fb61ffcf6051eecc999591ed
- SSDEEP
  
  768:oG6gLRDcW5jtpf6gAbDsa5RXXltQwAdF98GxCJwSkgg:9pcOjegML5RltZfg
Score

1^/10
behavioral5 behavioral6
- Target
  
  data/getServer.bat
- Size
  
  465B
- MD5
  
  232d1a1851f0559cef9daab0223aad99
- SHA1
  
  cf638f2b61d7bfff85340628b5863b96e21dae3f
- SHA256
  
  49d403dd5e205c73434839a975cef8130a114c0efeb402e1bfb6be666d467bfe
- SHA512
  
  5224b2868b24c07f475c55f2b40324aed6e822bd804039912bc7a60a9ffb46ad39cbe5939e0af72328c082676c07e392f88b940ead4310cd6a9278975332af50
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  data/info.txt
- Size
  
  128B
- MD5
  
  a90af646befcaa5afcf184fd726f5098
- SHA1
  
  a73b67873388a3509b9c13841fb8c1773d2ad802
- SHA256
  
  7910c77f84e8cbd5c840957246b6306edb53d8262ae0996e02997675892bbf0b
- SHA512
  
  80b74b21d671a484947bdfebf6530183e949b2857334e6a4ed15010e776addd52445d28c564fe29dea187dbf95471fd48563a4553372e24b25e9c23c92c77f6d
Score

1^/10
behavioral10 behavioral9
- Target
  
  data/server.txt
- Size
  
  27B
- MD5
  
  48e8b7e016032a184ed183a9d30759e3
- SHA1
  
  ffdb26d63c7d31d79fddacaaac7c114fc7a0cd62
- SHA256
  
  77a89626f87a3051ba895c9c111edab73cec508aa3af0381da4cf4e57ad3152a
- SHA512
  
  edcd71ee24a73b043f6e1f0e8624a00602b04b57e41be8fae5819a071366256dfc13078d3e55ee61e79fbd03b674aef7735768b045f67e8a3659787f491a3d2a
Score

1^/10
behavioral11 behavioral12
- Target
  
  hide.txt
- Size
  
  18B
- MD5
  
  717cf9a9be5c216d640f152351e44916
- SHA1
  
  c43a7d890787cd7a9ad262d6b48c5bf6ce6b46d0
- SHA256
  
  6422bc3263724432d193ecd13eecefe72141bb5da6bac30db3bccd1b1cca268e
- SHA512
  
  8892677001acbda3f32d8338c872faea447bc32a54f31eae2d91a4be209dcd41d20950ebb344e5a66e868edcd190e3fb63f4ff1353a08540dc327ccb417b587f
Score

5^/10
- Drops file in System32 directory
behavioral13 behavioral14
- Target
  
  libMinHook.x64.lib
- Size
  
  504KB
- MD5
  
  04fd39e77e0d30169726d1a559118a8e
- SHA1
  
  68c074320907e1deba39f74e6463e82f082ef1d0
- SHA256
  
  aec50570a9b5294a35c0051c8ff3fb38d0053fd66b747b7c2f55132e8dd8e32c
- SHA512
  
  d99f4f386e148ff214a19c3f2e711bb8492eb1e838e92f9336acd65e645317aad1b393b37189360ce003e0125361b268f1c39b2cbde5cd93390f546242d96a2c
- SSDEEP
  
  12288:XNbt13OZ2vdo0bt1HxqOc2K+5lni21lObt1pOg2jP:Xlt13vdoot1g1+Tn9lWt1psP
Score

3^/10
behavioral15 behavioral16
- Target
  
  readme.txt
- Size
  
  19B
- MD5
  
  f3708f527d7ccda6b2cf42d11d7ef37e
- SHA1
  
  b90c7b1487b0e4d9c1794135cc896c7c464d94ff
- SHA256
  
  876834e7d7f98de4aa0623d0b70fce189fad735e3a2764c0c970d4217e7d2c9f
- SHA512
  
  215947bda4587630292fbecfec7a0ef49649b9a95f65b64f3f89fb9a3dd7d7b1500115afc28f882c7bac4f7e07df5ca20b330c3108cdc4f562338f071ef1a586
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18