Resubmissions

20-04-2024 07:03

240420-hvveysbg9x 7

20-04-2024 07:00

240420-hsm8vsbb72 7

General

  • Target

    pythoninzoo.exe

  • Size

    18.2MB

  • Sample

    240420-hvveysbg9x

  • MD5

    3a272e96b2a6682a76021561514d1906

  • SHA1

    69674411cab38710263415b8d710780f3752bded

  • SHA256

    934cb0e1c647de2ecfac8f33ec578c133e7a8e7b7e83ff476e082aa92d789894

  • SHA512

    26298bf3d5337950045e33033edbeaaf5c5ad7de2906518bb4d7d49057cd9f62c1594790a61ee5ca9881f1c4c243f7f660899f8219043b636f3383e35993199a

  • SSDEEP

    393216:N4xb4FU9V++4eN0ynQYeFsseTDfDgKic64eDW8Q3+d9B4X:2x8SVSeC9sseTb0K94W8QOd9B8

Score
7/10

Malware Config

Targets

    • Target

      pythoninzoo.exe

    • Size

      18.2MB

    • MD5

      3a272e96b2a6682a76021561514d1906

    • SHA1

      69674411cab38710263415b8d710780f3752bded

    • SHA256

      934cb0e1c647de2ecfac8f33ec578c133e7a8e7b7e83ff476e082aa92d789894

    • SHA512

      26298bf3d5337950045e33033edbeaaf5c5ad7de2906518bb4d7d49057cd9f62c1594790a61ee5ca9881f1c4c243f7f660899f8219043b636f3383e35993199a

    • SSDEEP

      393216:N4xb4FU9V++4eN0ynQYeFsseTDfDgKic64eDW8Q3+d9B4X:2x8SVSeC9sseTb0K94W8QOd9B8

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks