General

  • Target

    coolgame.exe

  • Size

    20.1MB

  • Sample

    240522-mfpndabg64

  • MD5

    11e12cba1bb7f37223514f9a2a009d14

  • SHA1

    2d958950c86f2188cb4bfadc15203f625eee7aa2

  • SHA256

    7aad5d5b3a2c4298cf3017da897b6b7879174f1c400e739c5a55f1a3d5405a73

  • SHA512

    b8dbaf638ac29457696393e587063e721bce688b7431b42e9ee57b8eab76f85a7d7961413064d67e0c39f63b2c28179d95b196d0301853d7cf5b72ea9d70d2ef

  • SSDEEP

    393216:v5iLW2vOB/OzthRhylz5qcTnBV16v/pPzef+tqHNEECT7HCKDkXySUA:xiLW2vOtOztxeXTBV16vhPzef+tqH6NG

Score
7/10

Malware Config

Targets

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks