Analysis of WellMail malware's Command and Control (C2) server
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 35ed5c85-5990-4df6-81eb-02f1f7f4a251 |
| Fingerprint | 259d8d580abaa592 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 17, 2020, midnight |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:45 p.m. |
| Headline | Analysis of WellMail malware's Command and Control (C2) server |
| Title | Analysis of WellMail malware's Command and Control (C2) server |
| Detected Hints/Tags/Attributes | 63/2/22 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | mail.sh |
|
| Details | Domain | 5 | agent.sh |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | File | 12 | server.crt |
|
| Details | File | 26 | os.exe |
|
| Details | File | 1 | sangforpromote.exe |
|
| Details | md5 | 1 | d5c26128127f2fac6e3ff2c87b473d74 |
|
| Details | md5 | 1 | 3293b12b7622f484b69819217ed8af85 |
|
| Details | sha1 | 1 | 52c6651b6bd0c5940fd0de8e885f5ef8d0292142 |
|
| Details | sha1 | 1 | 5e0b5869d98c93cd7f7d925f04a49bd638590ec0 |
|
| Details | sha256 | 1 | 93e71fa0f4c5909a5b69033ac39b4664d10e9ed35fa995cf797e3a9990fbb751 |
|
| Details | sha256 | 1 | 85e72976b9448295034a8d4c26462b8f1ebe1ca0a4e4b897c7f2404d0de948c2 |
|
| Details | IPv4 | 79 | 1.2.3.4 |
|
| Details | IPv4 | 2 | 111.90.150.140 |
|
| Details | MITRE ATT&CK Techniques | 695 | T1059 |
|
| Details | MITRE ATT&CK Techniques | 444 | T1071 |
|
| Details | MITRE ATT&CK Techniques | 96 | T1132 |
|
| Details | MITRE ATT&CK Techniques | 422 | T1041 |
|
| Details | Url | 1 | https://attack.mitre.org/techniques/t1059/004 |
|
| Details | Url | 6 | https://attack.mitre.org/techniques/t1071/001 |
|
| Details | Url | 6 | https://attack.mitre.org/techniques/t1132/001 |
|
| Details | Url | 7 | https://attack.mitre.org/techniques/t1041 |