General
-
Target
EvadeSpoofer.exe.unsafe
-
Size
17.9MB
-
Sample
241128-y7latavmdn
-
MD5
9b4692d2cfef74cc6a72b8ac2c765dca
-
SHA1
08896d5ca172aabc70f3844e7fed93a2886d1250
-
SHA256
0e32103bf0e6bb02a30f1c5fcf7f214025eeb8e9d3eb406bf4d94948c1f02f05
-
SHA512
30b4840532361aa4d198d052b845fd02eae0e12d2b1738b8ccefe15e08cd9d9a109faca481467f233f2b645c33577ad0a23990b7628a65cdf012b1530b17f8e5
-
SSDEEP
393216:JqPnLFXlrVQMDOETgsvfGBgqurQvEI5Z0/yvU9q:APLFXNVQREYnUEQyd
Behavioral task
behavioral1
Sample
EvadeSpoofer.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
EvadeSpoofer.exe.unsafe
-
Size
17.9MB
-
MD5
9b4692d2cfef74cc6a72b8ac2c765dca
-
SHA1
08896d5ca172aabc70f3844e7fed93a2886d1250
-
SHA256
0e32103bf0e6bb02a30f1c5fcf7f214025eeb8e9d3eb406bf4d94948c1f02f05
-
SHA512
30b4840532361aa4d198d052b845fd02eae0e12d2b1738b8ccefe15e08cd9d9a109faca481467f233f2b645c33577ad0a23990b7628a65cdf012b1530b17f8e5
-
SSDEEP
393216:JqPnLFXlrVQMDOETgsvfGBgqurQvEI5Z0/yvU9q:APLFXNVQREYnUEQyd
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1