General

  • Target

    yes.exe

  • Size

    70.2MB

  • Sample

    240604-f5d5lsef2s

  • MD5

    569b71197a5b09623d13601e2e7eb77b

  • SHA1

    712a62fc11f6d05c27ff82b86dd714e7f6f02b35

  • SHA256

    c1bcda6e790985530b5f15018ce2d6bb990f78c6d8b4f5609493d7718ae7b414

  • SHA512

    32acda68c69933b3af398b44ace67fdfb9a968bb5505023d05fea09f60ebdd0f25e7be08bf240b45ce763424f4751b8cde343f87d8b65b25748e0be46b687cc0

  • SSDEEP

    1572864:YYQtvpXFP/V4f6Gj53ikjt4jRq2GqFOPV58W+eHU2qHWB75izWm/mlWA2zSJ9gQ:p6t/VG6RmtCRlGPrXk2qHO5iqzv2GJ9g
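Before relying on this report for a file you hold, confirm it is the same binary. The script below is an added example, not part of the report or the sandbox's own tooling: it streams a file once through all four hash algorithms the report lists (a 70 MB sample should not be read into memory whole) and compares every digest with the IOCs above. The file path handling and the `abc` test input are assumptions made for the example.

```python
import hashlib
import io
from typing import BinaryIO, Dict

# IOC hashes exactly as listed in the report above for yes.exe.
REPORT_HASHES: Dict[str, str] = {
    "md5": "569b71197a5b09623d13601e2e7eb77b",
    "sha1": "712a62fc11f6d05c27ff82b86dd714e7f6f02b35",
    "sha256": "c1bcda6e790985530b5f15018ce2d6bb990f78c6d8b4f5609493d7718ae7b414",
    "sha512": "32acda68c69933b3af398b44ace67fdfb9a968bb5505023d05fea09f60ebdd0f25e7be08bf240b45ce763424f4751b8cde343f87d8b65b25748e0be46b687cc0",
}

DEFAULT_CHUNK = 1024 * 1024  # 1 MiB reads: the sample is 70 MB, stream it, never read() it whole


def multi_hash(stream: BinaryIO, chunk_size: int = DEFAULT_CHUNK) -> Dict[str, object]:
    """One pass over the stream feeding all four digests; returns hex digests plus byte size."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result: Dict[str, object] = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def hash_bytes(data: bytes, chunk_size: int = DEFAULT_CHUNK) -> Dict[str, object]:
    """Convenience wrapper for in-memory data (used by the tests below)."""
    return multi_hash(io.BytesIO(data), chunk_size)


def match_report(digests: Dict[str, object], expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm comparison against the report's IOCs (case-insensitive hex).
    A SHA-256 or SHA-512 mismatch means "different file" even if MD5 agrees:
    MD5 and SHA-1 are not collision resistant and should not be trusted alone."""
    return {name: str(digests.get(name, "")).lower() == value.lower()
            for name, value in expected.items()}


def verify_file(path: str, expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only if every listed digest matches the file on disk."""
    with open(path, "rb") as f:
        digests = multi_hash(f)
    return all(match_report(digests, expected).values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # assumed usage: python verify.py /path/to/yes.exe
        print(path, "matches report" if verify_file(path) else "does NOT match report")
```

Run it against a quarantined copy of the sample; a partial match (MD5 equal, SHA-256 different) is a red flag in itself and should be treated as a different file. The SSDEEP value in the report is a fuzzy hash and needs the `ssdeep` library rather than `hashlib`, so it is deliberately not covered here.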

Malware Config

Targets

    • Target

      yes.exe

    Score
    7/10
    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
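The four behaviour tags above are the kind of rule a sandbox derives from raw process, file, registry and network events. The code below is an added example of that derivation, not the sandbox's own signature logic: it walks a constructed event trace (the paths, the `child.exe` process and the hostnames are assumptions for the example, not observations from this report), tracks the sample and the processes it spawns, and emits the same tag strings. The IP-lookup and hosting host lists are illustrative choices; the report does not say which services this sample contacted.

```python
from dataclasses import dataclass
from typing import Iterable, List, Set
from urllib.parse import urlsplit

# Autostart registry locations (real Windows keys), lower-cased and matched against
# the tail of the key path so that HKCU and HKLM variants both hit.
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
    r"\software\wow6432node\microsoft\windows\currentversion\run",
)

# Illustrative host lists chosen for this example (assumption, not IOCs from the report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}
HOSTING_HOSTS = {"cdn.discordapp.com", "raw.githubusercontent.com", "pastebin.com"}


@dataclass(frozen=True)
class Event:
    kind: str     # process_create | file_write | image_load | reg_set | dns_query | http_request
    process: str  # image name of the acting process
    target: str   # child image path, file path, "key\value", hostname, or URL


def _host(target: str) -> str:
    """dns_query carries a bare hostname; http_request carries a URL."""
    if "://" in target:
        return (urlsplit(target).hostname or "").lower()
    return target.lower()


def tag_behaviours(events: Iterable[Event], sample_image: str) -> Set[str]:
    """Derive the report's behaviour tags from an ordered event trace."""
    tracked = {sample_image.lower()}   # the sample plus every process it spawns
    dropped: Set[str] = set()          # files written by tracked processes
    tags: Set[str] = set()
    for ev in events:
        if ev.process.lower() not in tracked:
            continue                    # activity of unrelated processes is noise
        t = ev.target.lower()
        if ev.kind == "process_create":
            tracked.add(t.rsplit("\\", 1)[-1])
        elif ev.kind == "file_write":
            dropped.add(t)
        elif ev.kind == "image_load":
            # "dropped" means the sample itself wrote the DLL earlier in the trace
            if t.endswith(".dll") and t in dropped:
                tags.add("Loads dropped DLL")
        elif ev.kind == "reg_set":
            key = t.rsplit("\\", 1)[0]  # strip the value name
            if key.endswith(RUN_KEY_SUFFIXES):
                tags.add("Adds Run key to start application")
        elif ev.kind in ("dns_query", "http_request"):
            host = _host(ev.target)
            if host in IP_LOOKUP_HOSTS:
                tags.add("Looks up external IP address via web service")
            if host in HOSTING_HOSTS:
                tags.add("Legitimate hosting services abused for malware hosting/C2")
    return tags


# Constructed trace for the example; none of these events come from the report.
SAMPLE_EVENTS: List[Event] = [
    Event("file_write", "yes.exe", r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event("image_load", "yes.exe", r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event("image_load", "yes.exe", r"C:\Windows\System32\kernel32.dll"),  # system DLL, not dropped
    Event("reg_set", "yes.exe", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\yes"),
    Event("process_create", "yes.exe", r"C:\Users\user\AppData\Local\Temp\child.exe"),
    Event("dns_query", "child.exe", "api.ipify.org"),
    Event("http_request", "child.exe", "https://cdn.discordapp.com/attachments/example/payload.bin"),
    Event("reg_set", "explorer.exe", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"),  # ignored
]

if __name__ == "__main__":
    for tag in sorted(tag_behaviours(SAMPLE_EVENTS, "yes.exe")):
        print("-", tag)
```

Two details matter in practice: the DLL rule only fires when the load target was written by the sample earlier in the same trace, which is what separates "loads dropped DLL" from ordinary system DLL loads, and the process filter follows children of the sample so that persistence or network activity delegated to a spawned process is still attributed to it.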

MITRE ATT&CK Enterprise v15

Tasks