General

  • Target

    3a5ef9abe8c4ceea2ac74155d18662b3c2803c3e24a7ebc407d03d16d8a43118

  • Size

    10.6MB

  • Sample

    230915-d3b65abc66

  • MD5

    e12bf1a713b7ae3ecc3f9742bb0de358

  • SHA1

    89ecd4b3a3bbf873c23bc68325ceda312f8f02f7

  • SHA256

    3a5ef9abe8c4ceea2ac74155d18662b3c2803c3e24a7ebc407d03d16d8a43118

  • SHA512

    f5442afe8fc9d6cfe2f4b9105c4b2c7c78a7c597faace44c7f9112bdba6b85a3a227482f8852dafd74813a3ab082d35cebfb71f9fe15c8f3c776bbfba54454e7

  • SSDEEP

    196608:czrSEThvLEdnW/rI5NqyEUpF4AYwT8RXhVU9wjWKXf972bPGxQeWKmax7S6/8zB9:0EdWDy8pW48+WefV2bVeWKpST3h+AmIR

Score
6/10

Targets

    • Target

      log4j2-intranet-scan-main/JNDIScan/JNDIScan-Darwin

    • Size

      6.2MB

    • MD5

      2432c0d006ba8e2a96c95fd69b0c02e6

    • SHA1

      72981dae9a1571d8e636a524eb6e0d691b0605d8

    • SHA256

      430e406c12c7436bb53c852df28c47f5fb56395aee8a7f5a2457e6938d405863

    • SHA512

      5c92942d91081f9bd12525395a1eafdc724c44a1383a8816905dcbb692597dff4e8d4cabed0c2420a929c1f5d502cea49cf8306ad8f34ea7d7cfc24dcab03a2b

    • SSDEEP

      98304:vTE5qVbBsJ/W5N/qI91M85qld9sJMCz8zYOj7dDh0rjMvy:vTE5qVbB0/W7/p915wBCz8kU7dF0r

    Score
    6/10
    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      log4j2-intranet-scan-main/JNDIScan/JNDIScan-Linux

    • Size

      6.3MB

    • MD5

      e6df444e205b25c3cff0d319bfbee98a

    • SHA1

      c3eb47a8c0356a423b226fa689bf3e90c42978af

    • SHA256

      7795ea3cef4fafeac03282c8875f54b72c85b056779942ebe20eb781055b039a

    • SHA512

      86c45e881483d9dcf540ff4a3c104914752495d25d44a85bef25285f3947a3219d27c870e053645aed0a494d833a6d23b8324122a583f03a52a2b0190bae019d

    • SSDEEP

      98304:QVMlwHU0HTmAzKt7Hd40OE0eTukqi4XiWaArS:QVMlw00H6AzKt7ud9XiZ

    Score
    6/10
    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      log4j2-intranet-scan-main/JNDIScan/JNDIScan-Windows.exe

    • Size

      6.2MB

    • MD5

      92ae6db6b944bad766d349c827212d40

    • SHA1

      b6f9b37c6c1c17f4e1170c4778bb52a07b2b4ed1

    • SHA256

      fd2cbe4b85a7092c6bfa6c31e981c7c8a813ead092e523f4edd7065714ff730a

    • SHA512

      0ae146ff767a4fab48f4d1585fb42b2b2aed45aaad5eca53ef75aa9e59d4b792ed7232f4d75f3142ab093844c1daae924fa5083d54e1cbb0e0aa2c247bb114bc

    • SSDEEP

      98304:uiFr7KfCgVsJrJBdVEtaxIf+bg4PsB6sueVFuu3uXna:uiN7KfrMrJjVEtaxIfgVS7/uPXa

    Score
    6/10
    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      log4j2-intranet-scan-main/log4j2-intranet-scan.py

    • Size

      13KB

    • MD5

      01c9891155c99aa44c73ca64699c42bf

    • SHA1

      4f17ab76282debefb94d37fea81439ca97a087c0

    • SHA256

      08a5a419f4b02ef62c188b0523b4cba532ce4c0304a4ee0b7fa0b7cd8c4dbf1b

    • SHA512

      44c341750d98694f12b15885063981ccab18cb63ec50617b4e60877bcc8012634146a0f7c99ca3fb39ac8a2d5e685132f270257bdfc05ba306fef393a73899f8

    • SSDEEP

      192:pBUPh9uKc5OD4WGrqiwThcjljAT1/ya/yLuKC5km5kLNSJV6oQyr9hOwXvP4w34o:pBUJ9i504WLJV6IzPG9Op

    Score
    3/10
