720818fdb9cae600223d72474859f367b66a5a3cdfa6dc1d80ad53c8e6200e62 | Triage

Sharing

General

Target

n8zZxpL.exe
Size

8.3MB
Sample

240528-b29pwsaa7z
MD5

8a03f3cd5136dad910a9c7c50c911822
SHA1

c61816536af80b882e9d2a7a6a0a3c99457124d8
SHA256

720818fdb9cae600223d72474859f367b66a5a3cdfa6dc1d80ad53c8e6200e62
SHA512

121a62b5ba8dcab071f74abe98c2f87c9af67e6e2224c6d76bebf31b141700b215964a6157efd99f461f109b25bb02ffa574e9a01b502074eadd9e6163d428c5
SSDEEP

196608:Ls0jLqBA1HeT39IigQdeE9TFa0Z8DOjCdyl5okknz8Qdd5x9K:l6q1+TtIiLUY9Z8D8Ccl+loWx9K

Score

7^/10

pyinstaller

Malware Config

Targets

- Target
  
  n8zZxpL.exe
- Size
  
  8.3MB
- MD5
  
  8a03f3cd5136dad910a9c7c50c911822
- SHA1
  
  c61816536af80b882e9d2a7a6a0a3c99457124d8
- SHA256
  
  720818fdb9cae600223d72474859f367b66a5a3cdfa6dc1d80ad53c8e6200e62
- SHA512
  
  121a62b5ba8dcab071f74abe98c2f87c9af67e6e2224c6d76bebf31b141700b215964a6157efd99f461f109b25bb02ffa574e9a01b502074eadd9e6163d428c5
- SSDEEP
  
  196608:Ls0jLqBA1HeT39IigQdeE9TFa0Z8DOjCdyl5okknz8Qdd5x9K:l6q1+TtIiLUY9Z8D8Ccl+loWx9K
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2