General

  • Target

    bjj.zip

  • Size

    1.2MB

  • Sample

    240517-p2zrkshg91

  • MD5

    d4f3aac49d3433b577e108b9073175d4

  • SHA1

    914d3cd38d92e1f73d60c649b08ae3ab65447ad7

  • SHA256

    93342ba29bb4352232870a25963ee5574fa7d78b29f20776cf8f13dc51432785

  • SHA512

    d2e847d9353bb9af80231b16460a6a87187058701b1cbb181e23dc201df58715a8e6f1f35772590ace81be76ea6da0ecdf6f9672beb9a2ba766e7afc2f520daa

  • SSDEEP

    24576:40zEarfEA0zj/WHdEJ8VAvEiNcYRxq1dkPK2M5k3egc6Wckj1X:VTrKW6Oueck1CPKR8egZ5kR

Score
10/10

Malware Config

Targets

    • Target

      3. Scan network drives/9.1 Finder.exe

    • Size

      125KB

    • MD5

      597de376b1f80c06d501415dd973dcec

    • SHA1

      629c9649ced38fd815124221b80c9d9c59a85e74

    • SHA256

      f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446

    • SHA512

      072565912208e97cc691e1a102e32fd6c243b5a3f8047a159e97aabbe302bddc36f3c52cecde3b506151bc89e0f3b5acf6552a82d83dac6e0180c873d36d3f6b

    • SSDEEP

      1536:Vc4Kvp6PWy/6oU2cpzLWJst+cYsu0TXSkdlgNPldqxFktvVg49jvvck1y40sWjcu:Vc3GJQ56et+cT7SoeNdqbMfN7TId

    Score
    6/10

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      3. Scan network drives/9.2 NS.exe

    • Size

      113KB

    • MD5

      869420f42c9448924f935e5c1e2d9949

    • SHA1

      f628f11e39d2ce90e49de8774df40a248a6abcff

    • SHA256

      3da3b704547f6f4a1497107e78856d434a408306b92ba7c6e270c7c9790aa576

    • SHA512

      c272bc1fe3dd8cace08b4c5315dd481820e25fc72d177d9ff450622d1d7f0f2b54afa179cfb6d473ff0c349f672a330f5945bcdddc6b3142c4dbe10e9d1b2bed

    • SSDEEP

      1536:dcI+4BLSk6cMj+zlh/MHjibsu0y1P3q0LE4sCjYjUJG+fMgOQMcbFh169dsWjcdl:WIi0NXS2cm/qSE18Y44m5Fh4c3V

    Score
    1/10

    • Target

    • Size

      1.3MB

    • MD5

      7c81770eee7776811ccbf01584262ca7

    • SHA1

      5632f27158227ec4b6b6910133cebe035dc20bcb

    • SHA256

      153a11e6dfe886a1950c874309f33cee72411bce30d283ece10b8f2d5870ca03

    • SHA512

      39c515bc26ff320d8bfd07311ac927c5b68bac0b1b29b5f83235502f811b969b45edb6980656ac704b1963f562662f799a5275ca8c2f289d9d508f11a6c30437

    • SSDEEP

      24576:/FkxWGzCNdJpSFyI/GRX15UELFv9tJm4BYUeOdeuAo8v2+74Ws3Nm30Y:exqmywGH5UK7AHLUNi3

    Score
    8/10

    • Modifies Windows Firewall

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15