Resubmissions

13-09-2021 07:53

210913-jqz1badce3 10

General

  • Target

    dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19

  • Size

    1.2MB

  • Sample

    240414-r1v34shc92

  • MD5

    46418f7453541b35f5962bc93588c8d4

  • SHA1

    f6d57ef7add3039a956dd4a86f0efafb375d5eaf

  • SHA256

    dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19

  • SHA512

    cb7c7acc6496155f96f357be50ff789ab5bbe668f7624592f27cd9093914026848e476ea367ca6177e66f78f2c59300b78b9ac8092d5c2e0499069a21097620b

  • SSDEEP

    12288:u+rq0yKJ7KZeBA4DVzlzEyn2QFqTjCAjkTnV/QH7OTzId2nfpN3fXx:FW0yreAkpzP/QCAjkTmbOwYRZB

Score
10/10

Malware Config

Targets

    • Target

      dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19

    • Size

      1.2MB

    • MD5

      46418f7453541b35f5962bc93588c8d4

    • SHA1

      f6d57ef7add3039a956dd4a86f0efafb375d5eaf

    • SHA256

      dfe468bdad97b15c8ede2105a66c389b41f79e54de10747d6713140a70883a19

    • SHA512

      cb7c7acc6496155f96f357be50ff789ab5bbe668f7624592f27cd9093914026848e476ea367ca6177e66f78f2c59300b78b9ac8092d5c2e0499069a21097620b

    • SSDEEP

      12288:u+rq0yKJ7KZeBA4DVzlzEyn2QFqTjCAjkTnV/QH7OTzId2nfpN3fXx:FW0yreAkpzP/QCAjkTmbOwYRZB

    Score
    10/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v15

Tasks