General
Target: dedsec multitool.exe
Size: 17.8MB
Sample: 241004-t11dyayemh
MD5: a8db1e9986184e9a1f8503d668605851
SHA1: a8882e5f3620ebcb57b2c44e7043d7ece076e0de
SHA256: 995b408bf06ae75d610d250b48a775709884c834905d32097e9d455814565661
SHA512: 3ab3ecbe1b2c827955090d699abcfbf4b219a1105df05077ee708dc62c32f61c1937247a9f1ecee2fbaa428e15e75e9cf9e566cd626da08d77fc1a444f18d664
SSDEEP: 393216:iqPnLFXlrGBQ+DOETgsvfGwgcGXvEFh0qOCPhsEq:nPLFXNGBQ/E5fFsqOCQ
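Before relying on this report for a file you hold, confirm it is the same sample: hash the file locally and compare every digest listed above, not just one. The following is an added example for this page, not the sandbox vendor's code. The expected values are copied from the General section; the default file name in main() is an assumption about where the sample was saved.

```python
"""Check a local file against the hashes a sandbox report lists.

Added example for this report; not the sandbox vendor's code. The values in
REPORT_HASHES are copied from the report's General section. The default file
name in main() is an assumption about where the sample was saved.
"""
import hashlib
import io
import sys

# Copied from the report's General section.
REPORT_HASHES = {
    "md5": "a8db1e9986184e9a1f8503d668605851",
    "sha1": "a8882e5f3620ebcb57b2c44e7043d7ece076e0de",
    "sha256": "995b408bf06ae75d610d250b48a775709884c834905d32097e9d455814565661",
    "sha512": "3ab3ecbe1b2c827955090d699abcfbf4b219a1105df05077ee708dc62c32f61c1937247a9f1ecee2fbaa428e15e75e9cf9e566cd626da08d77fc1a444f18d664",
}

DEFAULT_ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fh, algorithms=DEFAULT_ALGORITHMS, chunk_size=1 << 20):
    """Hash a binary stream once with every algorithm in `algorithms`.

    Returns {algorithm: lowercase hex digest}. The stream is read in
    1 MiB chunks so a 17.8 MB sample is not loaded into memory whole.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, algorithms=DEFAULT_ALGORITHMS):
    """Hash in-memory data (convenient for tests and small blobs)."""
    return digest_stream(io.BytesIO(data), algorithms)


def digest_file(path, algorithms=DEFAULT_ALGORITHMS):
    """Hash a file on disk without reading it into memory at once."""
    with open(path, "rb") as fh:
        return digest_stream(fh, algorithms)


def compare_digests(actual, expected):
    """Return {algorithm: True/False} for every algorithm in `expected`.

    Hex case is normalised because reports and tools differ on it. An
    algorithm present in `expected` but missing from `actual` counts as
    a failure rather than being skipped silently; a mismatch on any
    algorithm means the file is not the one the report analysed.
    """
    return {
        name: actual.get(name, "").lower() == value.strip().lower()
        for name, value in expected.items()
    }


def main(argv):
    # Assumed location of the sample; pass a path to override.
    path = argv[1] if len(argv) > 1 else "dedsec multitool.exe"
    result = compare_digests(digest_file(path), REPORT_HASHES)
    for name, ok in result.items():
        print(f"{name:7s}{'match' if ok else 'MISMATCH'}")
    return 0 if all(result.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python verify_sample.py "dedsec multitool.exe"`; a non-zero exit means at least one digest disagrees with the report. SHA256 is the value to key on when pivoting to other services, but checking all four costs nothing once the file is read.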
Behavioral task: behavioral1
Sample: dedsec multitool.exe
Resource: win11-20240802-en
Malware Config
Targets
Target: dedsec multitool.exe
Size: 17.8MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above.
Signatures
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
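The "Adds Run key to start application" signature is the one most worth checking on a suspect host, because it survives a reboot. Export the Run keys (for example `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg`, which writes UTF-16 text) and run the export through a small parser that lists every autostart command and flags those launched from user-writable directories. The code below is an added example for this page, not the sandbox's or the sample's code. The registry export embedded in it is constructed for illustration and does not show this sample's real Run value, which the report does not disclose; the list of user-writable path fragments is a heuristic chosen here.

```python
"""Triage a .reg export for Run / RunOnce persistence entries.

Added example for this report page. SAMPLE_EXPORT is a constructed registry
export, not data from the sample; SUSPICIOUS_DIRS is a heuristic chosen here.
"""
import re
import sys
from collections import namedtuple

RunEntry = namedtuple("RunEntry", "key name command")

# Matches the key header line of a Run or RunOnce key in any hive.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\]$", re.IGNORECASE)
# Matches a REG_SZ value line: "Name"="value", with \" and \\ escapes inside.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Heuristic: legitimate autostarts usually live under Program Files or
# Windows; commands under these paths deserve a closer look.
SUSPICIOUS_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                   "\\programdata\\", "\\downloads\\")

# Constructed sample export (not from the analysed sample).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="\"C:\\Users\\victim\\AppData\\Roaming\\svchost.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="cmd.exe /c del C:\\Windows\\Temp\\stage.bin"
'''


def _unescape(s):
    """Undo .reg string escaping: a backslash protects the next character."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_run_entries(reg_text):
    """Return a RunEntry for every string value under a Run/RunOnce key.

    Values under other keys (like the Explorer key in the sample) and
    non-string values (hex:) are ignored.
    """
    entries, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1] if RUN_KEY_RE.search(line) else None
            continue
        if current is None or not line:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(RunEntry(current, _unescape(m.group(1)),
                                    _unescape(m.group(2))))
    return entries


def flag_suspicious(entries):
    """Keep entries whose command references a user-writable directory."""
    return [e for e in entries
            if any(d in e.command.lower() for d in SUSPICIOUS_DIRS)]


def load_export(path):
    """Read a reg.exe export; reg export writes UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


if __name__ == "__main__":
    text = load_export(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_EXPORT
    entries = parse_run_entries(text)
    for e in entries:
        tag = "SUSPECT" if e in flag_suspicious(entries) else "ok     "
        print(f"{tag} {e.key}\\{e.name} -> {e.command}")
```

On the constructed export the OneDrive entry passes while the AppData-hosted "Updater" and the RunOnce cleanup command are flagged. Treat the flag as a prompt to hash the referenced binary and compare it against the digests in this report, not as a verdict on its own.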
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001), 1 event
- Event Triggered Execution: Netsh Helper DLL (T1546.007), 1 event
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001), 1 event
- Event Triggered Execution: Netsh Helper DLL (T1546.007), 1 event
Credential Access
- Credentials from Password Stores: Credentials from Web Browsers (T1555.003), 1 event
- Unsecured Credentials: Credentials In Files (T1552.001), 1 event