General

  • Target

    DevolucionImpuestopiendenteTGR_16081.zip

  • Size

    309KB

  • Sample

    240822-rxw61avcmj

  • MD5

    f925049f2e5239be705f58aaeab3f08e

  • SHA1

    1021bae0eb6cf578306b8ce5dcce3d566c42b836

  • SHA256

    dc626f8f3b32c1e751d02c3e881bdfdc701a8db9dcb11a424b68f69fd7c4ce5c

  • SHA512

    d658e2c045670ca9fc02041796a961c8f1ab87a575ede85c01997c20038e4edd4778271477c9565c83073cd0aea0e0c89c9f734c6f957211f2a61ca51e88c5e5

  • SSDEEP

    6144:H3a1YunFgHLuIJCIMmzEeX6f3MUI1Fuwa93ioZxkzQAqniu7jblEG5sQ71wJiZrm:qYuFgHd8I9zEa6vMUqk3ioHTPiuxH5sR

Malware Config

Targets

    • Target

      DevolucionImpuestopiendenteTGR_16081.zip (size and hashes as listed under General above)

    • Score

      1/10

    • Target

      -

    • Size

      325KB

    • MD5

      04704493bcdc4d0c1c9d0fd8ebf5afbc

    • SHA1

      95d64b037a8d0c5d8318a7c1429d89529ac5c766

    • SHA256

      28225c5622637cdaed8342e14560e8de7b53dd6ba145d973643fc4b5bdd67b75

    • SHA512

      ed06b9f7931326ff6923b65e95db45931b21995aa8b52eb26f578017e5b60bee7139251bc3fedc65fc7becb7e1d7d4dfdaa17361d01d8d36ebd770c9142c5c8d

    • SSDEEP

      6144:daVWdyzOxeA1DfdwX3MmIO12waD3ioZjkzQAqnee7j/lEm5sQ71oJwZzyIrz:dMROxdDfOnMmXa3ioVTPee9t5sgoJqrz

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Target

      DevolucionImpuestopiendenteTGR_b1Gz5R2UBS.cmd

    • Size

      3KB

    • MD5

      437232fabe2b83b0d67647378088bc64

    • SHA1

      7fd0ce07fe455f483d9714322f08e9f9c860aa4f

    • SHA256

      1e74435045984691a9d8bce58101b8e3509c1031142b8aedd8f81d1c67eedbd2

    • SHA512

      d975f69eca32d23781408118c66a3b8bd2a6c4006eca6ea78a7ef37f7d6cb7a88422e446ebf58e650f7e84ab7fbbcd299c7cc8ba3fb68d5a0daefeb141912f3d

    • Score

      8/10

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks