General

  • Target

    RipHook (1).exe

  • Size

    14.2MB

  • Sample

    240522-mw5pjacc9t

  • MD5

    f57516c2d62574b08aa1f7e6118854d1

  • SHA1

    20d7242b2962030cfd84a8e555076fb9115907e7

  • SHA256

    d162356510fdaf7beaea1f6f244e53fcaac0266aba4c79d6e04b2a9952c954b0

  • SHA512

    a8dd76399bada01f552a68131c1cd1bd0d6cfcc95c28de299a2daa47e43d3579098128624154c612d4fdf92a09bb64e485e6b68d44c6af484c92fd362c3ff5f0

  • SSDEEP

    393216:sOL3/dydvVnwW+eGQRZMTozGxu8C0ibfVc7xkxemRS7ZWDOu:Z8dvlwW+e5RsoztZ0qcq8K+wl

Score
7/10

Targets

    • Target

      RipHook (1).exe

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
