General

  • Target

    Towers (Paid).exe

  • Size

    20.1MB

  • Sample

    240619-arm8gazemb

  • MD5

    78f2167ffc65737f93605ed6004e5f38

  • SHA1

    d6ec25ee83c8e0e0aa1a97fd7949ad60e24b2e1b

  • SHA256

    34d8469a325db034742a082299caef8a82f2e0e18e6988fdaf15efea34f9ef6f

  • SHA512

    a1f345b9cd1ff6d2c0897a05d865935c7f0322b1704532c373d2a84982420021d2000679d66e47d364dfdfb8e6a4136093c9e42713886d0906857b3b5b4f45dc

  • SSDEEP

    393216:1zEYPh8EL2Vmd6mI/m3pyc/eEJ4mbYV4aR5heV2BUp/Io3c8m0HK:OIyVmdSKyuh4yY/eVAoMQHK

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks