0b344ea475ec861224be419046952b2266a3c723e8818724db00a36bad156bce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

vault.tar.gz
Size

659KB
Sample

240531-tbvr6adb7y
MD5

cfe22adfa821880f6d280a108bfaa81c
SHA1

16f2b492fb764da26224990889078e9bca627f15
SHA256

0b344ea475ec861224be419046952b2266a3c723e8818724db00a36bad156bce
SHA512

33bea5bbabfd2cfa6f9e3c6c897688c999cb2c60874d5b33d2c59166f66662801b17b6e2faa5e16d18f3017dc5069a0ebd20ccdfad8d6897be48a6addbed5dd9
SSDEEP

12288:LyiGt8++bGbssynewuqdI0VUwe9R8XivgZ/8qb8+XCi8JcF1:LO8+Uhq0qF9EDZ/X8oCiT1

Score

6^/10

execution

Malware Config

Targets

- Target
  
  sample
- Size
  
  4.9MB
- MD5
  
  1bb5434dcde7bde9af379413f2adc136
- SHA1
  
  24f7f4ced4533d423e20462e5315cdc74247e4f0
- SHA256
  
  556cc4c4b7f58caa60f87f8e0d7bf3192c481a40997c2882fd3fad3381387a5f
- SHA512
  
  71712747a5f1f3fa23bbc37d671831cea8b79d9a25a75f1ba0a31f183ae456554351d781d573c3195bb898f605be726d7e438c595ca85e842883f14f410f3625
- SSDEEP
  
  12288:BYyGvEtfjdiGqymEBDaXZKSaBWxCHE+xXdMOk4oAAWDwAi9I++oUv3:xq03wxwfWfdWa9R+oUv3
Score

6^/10
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  5.180.24.230/index.html
- Size
  
  1.9MB
- MD5
  
  1f4f1b7dae8cdffd02e6de2418b68019
- SHA1
  
  44551b779dce1e4580b1f5a281d74e09d495ad05
- SHA256
  
  d352c8590f0efa765be333f16ece4972c1f677651f94cf9db6610f154ce3d1e6
- SHA512
  
  10d2ebb2931a95c4654cfeceec7464004e596d52a83a0fa9538cdc64548b2dec1dcbce2dc1a6fdd1b8b4c01f3c68c93531696d32f294c103be0ec0d3c7267418
- SSDEEP
  
  6144:gClk4oAc+aW1FwHgibjZzUj++o38vEgvSJ+J:gOk4oAAWDwAi9I++oUv3J
Score

4^/10
behavioral2
- Target
  
  5.180.24.230/js/bootstrapValidator.min.js
- Size
  
  108KB
- MD5
  
  55417190ec5af90430121b0e5718590e
- SHA1
  
  b31939ff1995a320b5cd4eb08ba20f00dd69a9e3
- SHA256
  
  3db145d4c760f3ababc0e61758d24f3f8cf919ef4a2e9e8a5d7d4d511418f07a
- SHA512
  
  569d948a65552bc90d3a35eaaa3fc1d05ca8f7a4833e3f4e0929b5be6612acb605de6c083815e1ff24590d52a8f0d7a6427d465238cad2f149b824829186a2fc
- SSDEEP
  
  1536:l77ZSJIk6k5/vkC9RnT9eufkGa/on3DXq/82CC10lt0SFxhZAupPQG7dql2zIQ8d:2WY5QhqOqu
Score

3^/10

execution
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3