General

  • Target

    auditpol.exe

  • Size

    32KB

  • Sample

    240613-hjpekasbrq

  • MD5

    df7cd9aa34252dd4e0330fe964d5bdf7

  • SHA1

    eb4d9079a1d8900265df59686644386698b6de18

  • SHA256

    6a6c7fa1890dfb36f31780eabab1a42fbbfac43bc2df14b97bf49b1e3eb1dec6

  • SHA512

    31a5603e8ed686d90e1cf932af64db1c1f78d8efe303e2ec1079c06ae44845d2681fbebb11c1128738dde101e7b27f38704bdc72023a3ab90072c8606cd2b2a1

  • SSDEEP

    768:kF76lUg5sRF057jvykFalDtqQ4pd5C2NWUQ:Ke+FRi7W+ADtqQ4X5C2NWUQ

Score
6/10

Targets

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
