0fae713f0572cb811bc33d7423d3de34e7e442a18b1559b182a2c5cc1a717114 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Aphrobyte.Plus.exe
Size

10.1MB
Sample

231012-cbcsxabb99
MD5

29257bf07f9568b09a58011cb65ffff5
SHA1

da6f351b9bda0fc978eb4dedebe5d56811bdd7a6
SHA256

0fae713f0572cb811bc33d7423d3de34e7e442a18b1559b182a2c5cc1a717114
SHA512

df36c2cc3a990b24c0f51a1d0da504f9a25d89b0d51aff1e02394df95140407adc75b69b997d4ff56933078fd0567e36531d6a8bb135cf0093e16c4b03759ac3
SSDEEP

196608:+0GwJqS7B2DONbU2pHOLfXL2Vmd6+DpcLZy7YM30LzajzpMwZFtN/QpV5:4wJz7B2D4RqXL2Vmd6mk0GzajzywZnN

Score

7^/10

pyinstaller

Malware Config

Targets

- Target
  
  Aphrobyte.Plus.exe
- Size
  
  10.1MB
- MD5
  
  29257bf07f9568b09a58011cb65ffff5
- SHA1
  
  da6f351b9bda0fc978eb4dedebe5d56811bdd7a6
- SHA256
  
  0fae713f0572cb811bc33d7423d3de34e7e442a18b1559b182a2c5cc1a717114
- SHA512
  
  df36c2cc3a990b24c0f51a1d0da504f9a25d89b0d51aff1e02394df95140407adc75b69b997d4ff56933078fd0567e36531d6a8bb135cf0093e16c4b03759ac3
- SSDEEP
  
  196608:+0GwJqS7B2DONbU2pHOLfXL2Vmd6+DpcLZy7YM30LzajzpMwZFtN/QpV5:4wJz7B2D4RqXL2Vmd6mk0GzajzywZnN
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2