4dfda8201555854b2af85a5176e2a2eeb58c4e53c404145b04b3016027cd617a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Terranova beta 0.4.exe
Size

29.7MB
Sample

240824-heaqlsxfph
MD5

f2df5ce5e3440ac5f4e09c2e8e5655a1
SHA1

c801c43977d1ecd8e82b9f1d6d15ad8d40545a44
SHA256

4dfda8201555854b2af85a5176e2a2eeb58c4e53c404145b04b3016027cd617a
SHA512

854f871d78bbefe79e21f21f069d59fe7fdf73f6ab809c2a8cb2bb7b3153c163f483be3489b426cdede4c6cb7dce01bcaba8878f10db00975e6d6b45094b80a6
SSDEEP

786432:U/pR01+l+uqgvz1QtI++nUU0sc6yhclO9a8DZctKukAGzK:aR01CppiI+sOX6yM6CkLz

Score

7^/10

pyinstaller

Malware Config

Targets

- Target
  
  Terranova beta 0.4.exe
- Size
  
  29.7MB
- MD5
  
  f2df5ce5e3440ac5f4e09c2e8e5655a1
- SHA1
  
  c801c43977d1ecd8e82b9f1d6d15ad8d40545a44
- SHA256
  
  4dfda8201555854b2af85a5176e2a2eeb58c4e53c404145b04b3016027cd617a
- SHA512
  
  854f871d78bbefe79e21f21f069d59fe7fdf73f6ab809c2a8cb2bb7b3153c163f483be3489b426cdede4c6cb7dce01bcaba8878f10db00975e6d6b45094b80a6
- SSDEEP
  
  786432:U/pR01+l+uqgvz1QtI++nUU0sc6yhclO9a8DZctKukAGzK:aR01CppiI+sOX6yM6CkLz
Score

7^/10
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Terranova beta 0.4.pyc
- Size
  
  19KB
- MD5
  
  cb4cf072be26f0d9e79022301e9ca8ab
- SHA1
  
  12304d366babf3c2f8c573eb8b8251850e8737eb
- SHA256
  
  23918f78c0bd8b69b9c9d31096b1786d548f297e6209eb959df0ed87dc56d841
- SHA512
  
  79656b500978a0d648d97ab50c91b584a5e80e33a97b15145bd64526ee2905793194c300fa549aeb865f6604bc8ec3cf989b8054a2a3ee5f6572b59eb316af87
- SSDEEP
  
  384:0YXeHm+G6BGFextl8mQyDsPx+kWfYG0eV5:0ZHZQFAtl8mQyMer
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2