General

  • Target

    yes.exe

  • Size

    70.2MB

  • Sample

    240604-f3encsee4y

  • MD5

    468fa21c606be78cc17425d912a66868

  • SHA1

    09c2d8e3d1d822040584422c7f320ef7785d9a7f

  • SHA256

    00010543ac7bfee0ce136bcd39b297e71af88b350754ba31742c6e9ad49f69b1

  • SHA512

    52b60d9e30d884e104e7a629d32270c3e9984a94736b2900d846257a4425a6b9fb910d91455de6ab1d621f831b9c2bbeef762e5505c7f477ae26a7968ff30e57

  • SSDEEP

    1572864:yYQtvpXFP/V4f6Gj53ikjt4jRq2GqFOPV58W+eHU2qHWB75izWm/mlWA2zSJ9gQ:H6t/VG6RmtCRlGPrXk2qHO5iqzv2GJ9g

Targets

    • Target

      yes.exe

    • Score

      7/10

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15
