General

  • Target

    DialSyncXRBGGYWinTechStudios-v2.zip

  • Size

    7.7MB

  • Sample

    240405-msvedsac87

  • MD5

    ab7963fa08b6cec3cb4cb0576f5aa7ee

  • SHA1

    bd582dc032e52b7f3f93eb55d11ead2a32dcc5a4

  • SHA256

    bd14817859a08b9373be44b21fa66171be93eef58efbb7563c624ee0bad24c7e

  • SHA512

    193eaa958f6cc7e1978c8cf9dcf4b1e021bc6174cbe98da553c04eb9cc649913819c18e5f89508c8c891ffb6d05b9893f6e4cdf32d687837048a0db3cf5033c6

  • SSDEEP

    196608:30IvQ9mQnD0zNm+rk3Nx8tmzYCx9WHGvCShDTTED:30I49vnyNNrk3LECxR/ED

Malware Config

Targets

    • Target

      DialSyncXRBGGYWinTechStudios.exe

    • Size

      278.2MB

    • MD5

      415ad5f963af1c8ea5092c381208528f

    • SHA1

      8afe6ad30c1bf1cf7871447e0d0261db620d2edc

    • SHA256

      3335576d8a7f6745f217b7356c813dbff026f3f3c811559413e1114c4c0926c7

    • SHA512

      f85e6c51295383d65af83e510f52b6c6e9ef69e0fd5b728a1c879de4fa3b0549b327ad0f0258b0f70893e1bf3ef1b3fa0ba1a7bfbc4936a7a7dca418e8383a4f

    • SSDEEP

      393216:vg5kx5T3leiE3p/EAW68XzSyUErVDYoNguVW6N/bm6Rxi:JsoBNguri

    • Detected bankofmontreal phishing page

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
