General

  • Target

    a128a7ab31a41859c5a9e85868d4174f

  • Size

    974KB

  • Sample

    240224-g3pzrsbg58

  • MD5

    a128a7ab31a41859c5a9e85868d4174f

  • SHA1

    7d614c5f27d5bd60af17e023b68fb67f787c461d

  • SHA256

    8bcf3984e139a272179407ef7f22e912d9e686d59db6dd92b36d1a546e73a34d

  • SHA512

    202464ce77f88b6a8878dd63acf1ed92267179a9f1d75f747b20f12abae0acb7373d56d5f37b1c54613e662600b8c842b77fdc5a032431b2119a41f5554c774e

  • SSDEEP

    24576:W9ai9wwr6RyuZ44G/MfR1FTNkdBAnlXG6+Z1mbXhmQW:xmr6RyuZNGUfRFkUlXF+Z1IXW

Malware Config

Targets

    • Score

      9/10

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks