General

  • Target: download
  • Size: 6KB
  • Sample: 250702-x5d82sgj9v
  • MD5: 3b33c11edb81868b3f3b44e3d35259ba
  • SHA1: 10dffa35af24d670b92b695cb355e15d2be4ee44
  • SHA256: daf1c377fbc266ceb3cbf45620cbdcad927cac57189b0926d35e7a3d10ad47e4
  • SHA512: 015544cc0ef9f29351fb654707dd2d1c673c72a87acc1ffa2648286195d2fd7406324be8427bd9cc81deb526a9f2988334307f26151b143cee66f544766378f0
  • SSDEEP: 192:PN2VBWg6t8Ni0zxQSh0DBVky+YIki+yYew:Aqg6t8tzxhMkbYKeew

Score: 7/10

Malware Config

Targets

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Share Discovery

      Attempt to gather information on host network.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v16

Tasks