Resubmissions

22-09-2021 14:35

210922-ryctradad5 10

General

  • Target

    81e2ddde718f731a46f765b613be06c7f77a5f43436c542fe5ac7218108228fb

  • Size

    1.2MB

  • Sample

    240414-r4vlracc3s

  • MD5

    a1f481baa8334ad8a5c65919af2b6346

  • SHA1

    aec7cd3a72d96948bf741bba48048c1b5cf3f036

  • SHA256

    81e2ddde718f731a46f765b613be06c7f77a5f43436c542fe5ac7218108228fb

  • SHA512

    e0c28dabe65224c2a40612e18807dc7ccdb58168be304f38f625936b1ebbdf1a6233f6e8f3d3a676e9c82ae3d9e6477cdeac8299c670ae3676b3ca4c3fc434a8

  • SSDEEP

    12288:u+rq0yKJ7KZeBA4DVzlzEyn2QFqTjCAjkTnV/QH7OTzId2nfpN3fXz:FW0yreAkpzP/QCAjkTmbOwYRZj

Score
10/10

Malware Config

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v15

Tasks