4be581640a2bf3db6ec7c45dbabfeadb57dd823268ad9eb79c92e3554e826c1e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SpokeInjector.exe
Size

89KB
Sample

231012-hs1h7afa92
MD5

e311885e6dfe5e9a3efe22a3ee6aed45
SHA1

7fd45984ca4eae692eaa3c4be267fbf344528cc4
SHA256

4be581640a2bf3db6ec7c45dbabfeadb57dd823268ad9eb79c92e3554e826c1e
SHA512

0b8812eb9deccf0403fad52f8477a93889bdc721ccb3aa5473093608b30468e0e168df92c143e808f2e3e6d60d5499fe403d4ef6d101a5a438f2eed41140f62a
SSDEEP

1536:/7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfNwqUXOs:z7DhdC6kzWypvaQ0FxyNTBfNVU7

Score

10^/10

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://discord.com/api/webhooks/1154460921306042450/FcC6bK-B6wF9Kdqc1CVFIbNFZN0A_0627G4mNEescCSkoyZfLO_wsI4nn18mKtLmyOe9

Targets

- Target
  
  SpokeInjector.exe
- Size
  
  89KB
- MD5
  
  e311885e6dfe5e9a3efe22a3ee6aed45
- SHA1
  
  7fd45984ca4eae692eaa3c4be267fbf344528cc4
- SHA256
  
  4be581640a2bf3db6ec7c45dbabfeadb57dd823268ad9eb79c92e3554e826c1e
- SHA512
  
  0b8812eb9deccf0403fad52f8477a93889bdc721ccb3aa5473093608b30468e0e168df92c143e808f2e3e6d60d5499fe403d4ef6d101a5a438f2eed41140f62a
- SSDEEP
  
  1536:/7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfNwqUXOs:z7DhdC6kzWypvaQ0FxyNTBfNVU7
Score

10^/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2