apollo | 8f4cf379ee2bef6b60fec792d36895dce3929bf26d0533fbb1fdb41988df7301 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Winver.exe.bin
Size

5.4MB
Sample

240409-c69fcsca86
MD5

4f8bd643c59658e3d5b04d760073cbe9
SHA1

7c322f68f67e239016a130952e33cda4723143a7
SHA256

8f4cf379ee2bef6b60fec792d36895dce3929bf26d0533fbb1fdb41988df7301
SHA512

9786627a64216e993f68c3439dc57cd37d3f307ab7f0fb6b2c157cef12562a4192b092513a99a36d3bba804c029db2af6bab48a27cd20950dc1f5d383ef511af
SSDEEP

49152:KyuFnchWhp4xJIjKQVAmWsZMbwDbQ87Owguj55EsLKX38CnSVTqiyrW3Y0X:189EJEzAbw/BeIEvzSNqdIX

Score

10^/10

apollo

Malware Config

Extracted

Family

apollo

C2

https://daily-mashriq.org/goyxdrkhjilchyigflztv

Targets

- Target
  
  Winver.exe.bin
- Size
  
  5.4MB
- MD5
  
  4f8bd643c59658e3d5b04d760073cbe9
- SHA1
  
  7c322f68f67e239016a130952e33cda4723143a7
- SHA256
  
  8f4cf379ee2bef6b60fec792d36895dce3929bf26d0533fbb1fdb41988df7301
- SHA512
  
  9786627a64216e993f68c3439dc57cd37d3f307ab7f0fb6b2c157cef12562a4192b092513a99a36d3bba804c029db2af6bab48a27cd20950dc1f5d383ef511af
- SSDEEP
  
  49152:KyuFnchWhp4xJIjKQVAmWsZMbwDbQ87Owguj55EsLKX38CnSVTqiyrW3Y0X:189EJEzAbw/BeIEvzSNqdIX
Score

6^/10
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2