64cb9ff36c82878a84768c6eb138d2e9adf8ed9df0eb58cfe44ada8bc56f6060 | Triage

Sharing

General

Target

FluxTeamB.zip
Size

71KB
Sample

240901-d5m2ea1bph
MD5

5b983519f5d1ad44ed85f8eb6c010bc1
SHA1

e86f542b1b5d172bb78819232119d80b23d24f54
SHA256

64cb9ff36c82878a84768c6eb138d2e9adf8ed9df0eb58cfe44ada8bc56f6060
SHA512

49dc71aa6b3fc01a825f46d3c39b8de1cb22cf06c361a56aa2ad5e82c280d5687e0ed0d2e308cb1130143ca617f56c223af2b450ae87dd312d5226e583042916
SSDEEP

1536:ehKxsxO7t2QKKWMfRTiDiJc9O2p58p5GK8i67KrN8Q:juxG2QNWaTkie9oyiDrNZ

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  FluxTeamB/BootStrapper.dll
- Size
  
  10KB
- MD5
  
  7018c7e5fde3594734d31933cfbb47b9
- SHA1
  
  7d8d9fde9acd352a4263c4adea99edcf8c65a01a
- SHA256
  
  6b758acc2feb6bd2cf8300ae3261c6dd7e4e76a94cbe4daac90e167cd2cd2bd0
- SHA512
  
  2fafdb3f8d893edfe7749319bc27843b88e09750e856b42505606f5467cdd2f236eba13cd5cf26537f0093a7ea41911ff7b72705a37c9ad3b2f6d586e009c36c
- SSDEEP
  
  96:KIJ78yP8RO4N/w8L+uIZQ2enkndwKqE0x3WNtW1jYcFsNVcz1W4oKYMsLYUa:XJXkPws8ZQa+dx8stYcFSVc03KY
Score

1^/10
behavioral1 behavioral2
- Target
  
  FluxTeamB/BootStrapper.exe
- Size
  
  149KB
- MD5
  
  dd742c42283806d63458be56a64ea254
- SHA1
  
  bb252ef14c278321b1a6f474a686e224269dd457
- SHA256
  
  cf4afbbe58f7a6d7f1888b0a0e2da4f57da6d3ea329dc577c230b806f74aba26
- SHA512
  
  7b3a2ca8518f5cd27de93733bf20958053fac4bcd00039f8f73979fcf8fc2e6393dcc7f10bed0971cac15d090375b7292ad9fcc425e29687b04f8b033b197121
- SSDEEP
  
  3072:+czkitvo4BpYN/6mBPry8TXROLdW5m4mURp9OOGF0kmGwY:+A4NCmBPry/N2NOOInw
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  FluxTeamB/BootStrapper.runtimeconfig.json
- Size
  
  253B
- MD5
  
  24e4653829de1022d01cd7ddd26e2f22
- SHA1
  
  9160a009cb381e044ba4c63e4435da6bfeb9dc6d
- SHA256
  
  ded3aeb5856a11db0b654a785574490cab55839ebfb17efe9e39b89618fc5b91
- SHA512
  
  efd4bbba1baec0b47003831510e3aa539db9ef468e0f06ba9d7ba6d0b3800035f7c818d7d90171bfd377ec97d08c4617555bcff635dd83efceb412b1a9cca820
Score

3^/10

discovery
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6