General

  • Target

    c23a1c61c016b93168071e76881ba134

  • Size

    45KB

  • Sample

    240312-cyjvqsdf5x

  • MD5

    c23a1c61c016b93168071e76881ba134

  • SHA1

    723ea342dc6e28cdeeb18020738e4198cb39533b

  • SHA256

    709f4d63aaaaa4071dbb5f74ea9ef1292d78a55d773b4f0c6efd1ee9c6c5e9e1

  • SHA512

    7e3f5918a75ec44bc2eea959c2e136f8002d2ad96b96001b25381922122f8be6f45431de47adb29ca452d04ddfc941d6f9f3b328a29ab1eff841950efb1fa262

  • SSDEEP

    384:Qhu//BkfGN15yrdjI+cRy2APBsLf45kSyf8K7MPZv9Tnf/eC/Gv3nUt4lJtNSvzw:BBkeNeXdt5ADCnfP/lt8teQNLIoKpo

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    jaguar666

Targets

    • Target

      c23a1c61c016b93168071e76881ba134

    • Modifies WinLogon for persistence

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15