General

  • Target

    SCOOBY_Tools.exe

  • Size

    14.5MB

  • Sample

    240621-h7dyqsvdll

  • MD5

    35d2327168f2804b62f2d628d037b823

  • SHA1

    7162df40d12f34f646cbf3a935aa77efc0e4a29c

  • SHA256

    916f6668cd54fab847bd0858b75ac0b8ddc85d57d10fcbac61c3d566119280c8

  • SHA512

    ccf367f6eaa88c882cc44028c707dc8ec2e8534793e51b473f9a789e14cdc2dde32fde50dd914bf3b7169951aa2c08d81a6eba87b665c09b6fe07eefad3ca5cf

  • SSDEEP

    393216:EmZZC/Bc9CDXRL3bYiG0plnzt3QA2iGkmkOqU:EmXIvJM6ln5QtDk8

Malware Config

Targets

    • Target

      SCOOBY_Tools.exe

    Score: 7/10
    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks