General
Target: empyreanExploits.exe
Size: 17.8MB
Sample: 240701-efl89ayemp
MD5: 96697bbcf9e90ea5ae02faa85c3218ca
SHA1: 967368589eb9b50c75985e06220805e48984a79b
SHA256: 0c50ed1879a8e3706f9af3dabc78e1ed79b34202b9adcc258a4d96c4f6cfa8d0
SHA512: 840e24846dcabd88cfc8735b2ab6d6de057126198d8c6eaec32b293237b87779e0def507edc5a594e360585ef24e4adeefacf9f4a7136ed1792ecb83fcf000a1
SSDEEP: 393216:2qPnLFXlrPmQ8DOETgsvfGF2gUEvEtRC9+iVsq:bPLFXNOQhEzX9fI+8
Behavioral task: behavioral1
Sample: empyreanExploits.exe
Resource: win11-20240611-en
Malware Config
Targets
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1