General
-
Target
main.exe
-
Size
17.9MB
-
Sample
241030-xkh2hazbkd
-
MD5
730fc86da627a409e79927e3d7a4c134
-
SHA1
b6d604d54f768ffa2ee23f392f00923f577477e7
-
SHA256
d3976032b4f070c0869f16149179df984ef6c479d1b510062ced4cda55bd17b8
-
SHA512
b5f7696b65ee1e4b6f0baf7b01080b2d08afcdea916f035c7abe68774cc3278989bb0375a95e8c65180738fed4c0d8d7f923b8a5a459999d169202aaa1b88a50
-
SSDEEP
393216:oqPnLFXlrzQMDOETgsvfGlgQnZvEnY9dDunE3q:ZPLFXNzQREorOnK1uh
Behavioral task
behavioral1
Sample
main.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
main.exe
-
Size
17.9MB
-
MD5
730fc86da627a409e79927e3d7a4c134
-
SHA1
b6d604d54f768ffa2ee23f392f00923f577477e7
-
SHA256
d3976032b4f070c0869f16149179df984ef6c479d1b510062ced4cda55bd17b8
-
SHA512
b5f7696b65ee1e4b6f0baf7b01080b2d08afcdea916f035c7abe68774cc3278989bb0375a95e8c65180738fed4c0d8d7f923b8a5a459999d169202aaa1b88a50
-
SSDEEP
393216:oqPnLFXlrzQMDOETgsvfGlgQnZvEnY9dDunE3q:ZPLFXNzQREorOnK1uh
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1