General

  • Target

    Fluster.exe

  • Size

    70.8MB

  • Sample

    231204-vex75ada3y

  • MD5

    121ede8b80f588e1ba2851f8e25f3057

  • SHA1

    f0c12f7f35294f177087a9326bfd81a84137567b

  • SHA256

    3c861ab0bc7a939dbeef46269c982dd13dbc385fdc1c82d62613d40ff602b5cb

  • SHA512

    3616290e1541726c9b92e8a0c0259d934d3b8db1a88bd6fcff031f9d6d02af13c3fb236f8bc369232244fe7b5d887c2460cd3010a9028d18903b7671ccfda0a3

  • SSDEEP

    1572864:w4/4rzOchPw8PDYPizXVXPUZSJD4JrwD27Xxbnv+j7:jkqcd1bYPiTIiGxbvg7
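As an added example that is not part of the sandbox report, the Python below checks a file on disk against the digests listed above in a single streaming pass (so a 70 MB sample is never read into memory twice) and sanity-checks the ssdeep signature: it parses the `blocksize:hash1:hash2` form and confirms the block size is one ssdeep could have produced for a file of the stated size. The page gives the size only as "70.8MB", so the byte count used is an assumption (1024-based units), and the demo input is a constructed byte string, not the sample.

```python
"""Verify a file against the report's digests and sanity-check its ssdeep signature.

Added example, not code from the sandbox or the report. The hash values are copied
from the report's General section; the byte count is derived from "70.8MB" under
the assumption of 1024-based units; the demo input is constructed.
"""
import hashlib
import sys
from typing import Dict, Iterable, Tuple

# Indicators copied from the report's General section.
REPORT = {
    "md5": "121ede8b80f588e1ba2851f8e25f3057",
    "sha1": "f0c12f7f35294f177087a9326bfd81a84137567b",
    "sha256": "3c861ab0bc7a939dbeef46269c982dd13dbc385fdc1c82d62613d40ff602b5cb",
    "sha512": "3616290e1541726c9b92e8a0c0259d934d3b8db1a88bd6fcff031f9d6d02af13"
              "c3fb236f8bc369232244fe7b5d887c2460cd3010a9028d18903b7671ccfda0a3",
}
REPORT_SSDEEP = "1572864:w4/4rzOchPw8PDYPizXVXPUZSJD4JrwD27Xxbnv+j7:jkqcd1bYPiTIiGxbvg7"
# Assumption: the page says "70.8MB" without an exact byte count.
REPORT_SIZE_BYTES = int(70.8 * 1024 * 1024)

SSDEEP_MIN_BLOCKSIZE = 3   # ssdeep's MIN_BLOCKSIZE
SSDEEP_SPAMSUM_LENGTH = 64  # ssdeep's SPAMSUM_LENGTH


def digests(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute MD5, SHA-1, SHA-256 and SHA-512 in one pass over an iterable of chunks."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_chunks(path: str, chunk_size: int = 1 << 20) -> Iterable[bytes]:
    """Yield a file in 1 MiB chunks so large samples are not loaded whole."""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                return
            yield chunk


def compare_to_report(computed: Dict[str, str], report: Dict[str, str] = REPORT) -> Dict[str, bool]:
    """Per-algorithm match result; any single mismatch means this is not the reported sample."""
    return {name: computed[name].lower() == expected.lower() for name, expected in report.items()}


def parse_ssdeep(signature: str) -> Tuple[int, str, str]:
    """Split a 'blocksize:hash1:hash2' ssdeep string; raise ValueError if malformed."""
    parts = signature.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep signature must have exactly three colon-separated fields")
    block_size = int(parts[0])
    if block_size < SSDEEP_MIN_BLOCKSIZE:
        raise ValueError("block size below ssdeep minimum")
    return block_size, parts[1], parts[2]


def ssdeep_initial_block_size(file_size: int) -> int:
    """Block size ssdeep starts from: 3, doubled until block_size * 64 >= file_size."""
    bs = SSDEEP_MIN_BLOCKSIZE
    while bs * SSDEEP_SPAMSUM_LENGTH < file_size:
        bs *= 2
    return bs


def ssdeep_consistent_with_size(signature: str, file_size: int) -> bool:
    """True if the signature's block size is plausible for a file of this size.

    ssdeep halves the block size after hashing if the first hash came out too short,
    so the reported value must be 3 * 2**k and no larger than the initial estimate.
    """
    block_size, _, _ = parse_ssdeep(signature)
    quotient, remainder = divmod(block_size, SSDEEP_MIN_BLOCKSIZE)
    is_power_of_two = quotient > 0 and (quotient & (quotient - 1)) == 0
    return remainder == 0 and is_power_of_two and block_size <= ssdeep_initial_block_size(file_size)


if __name__ == "__main__":
    # Constructed demo input; pass a real path as argv[1] to check an actual file.
    chunks = file_chunks(sys.argv[1]) if len(sys.argv) > 1 else [b"constructed demo bytes, not the sample"]
    results = compare_to_report(digests(chunks))
    print("matches report:", all(results.values()), results)
    print("ssdeep block size consistent with stated size:",
          ssdeep_consistent_with_size(REPORT_SSDEEP, REPORT_SIZE_BYTES))
```

Run it with the downloaded file as the only argument; all four digests must match before the file is treated as this sample, since a match on MD5 alone is not a strong identity claim. The ssdeep check is only a plausibility test: a block size that is not of the form 3·2^k, or that is larger than the size-derived estimate, indicates a transcription error or a signature computed over different bytes, not a similarity match.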

Malware Config

Targets

    • Target

      Fluster.exe


    • Irata

      Irata is an Android remote access trojan attributed to Iranian operators, first seen in August 2022. The target here is a Windows executable (Fluster.exe), so a hit on an Android-family signature should be confirmed against the sample's observed behaviour before the family label is relied on.

    • Irata payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks