General

  • Target

    modified_script.exe

  • Size

    122.4MB

  • Sample

    241112-n5cwjssdkb

  • MD5

    b79917e2c12493d021d61239feaaf4bf

  • SHA1

    12146d8a291516389b5d1b875c56a54777cd0b0f

  • SHA256

    35419c327e331f6200878df036cc933f4fa4da9dfe53ff399f3b519830b032ad

  • SHA512

    bf29d11a15fb525860309d34e5c363f8bddb8035440f12a832a439976ef72a62c116857daab713d19a634e38b5d797fa0b115c3963aa913aef512d9af45c080c

  • SSDEEP

    3145728:zUqgYRPSC++6y9cIWmvgODUysW9j3qWTcKCsGPrZsh2qHO5iV4jdfVA:YqxaC4y9am7DUysW9jxCsuCXHCiCG

Malware Config

Targets

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks