Analyzing the efile.com Malware "efail" - SANS Internet Storm Center
Tags
| country: | China |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Domains - T1583.001 Domains - T1584.001 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | aa4f072f-3f3e-4607-a7ee-0cf89dc5abbf |
| Fingerprint | 20ed9dc1251705cb |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 4, 2023, midnight |
| Added to db | Oct. 24, 2023, 1:25 p.m. |
| Last updated | Nov. 17, 2024, 10:43 p.m. |
| Headline | Internet Storm Center |
| Title | Analyzing the efile.com Malware "efail" - SANS Internet Storm Center |
| Detected Hints/Tags/Attributes | 29/3/39 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 26 | efile.com |
|
| Details | Domain | 14 | pyinstxtractor.py |
|
| Details | Domain | 4 | www.infoamanewonliag.online |
|
| Details | Domain | 1 | runcode.read |
|
| Details | Domain | 1 | channel-platform.s3.ap-east-1.amazonaws.com |
|
| Details | Domain | 1 | infomanewonliag.online |
|
| Details | Domain | 71 | sans.edu |
|
| Details | File | 175 | update.exe |
|
| Details | File | 57 | installer.exe |
|
| Details | File | 14 | pyinstxtractor.py |
|
| Details | File | 3 | p.py |
|
| Details | File | 42 | request.url |
|
| Details | File | 384 | www.inf |
|
| Details | File | 3 | code.php |
|
| Details | File | 1 | installed.php |
|
| Details | File | 13 | error.php |
|
| Details | File | 17 | base64.url |
|
| Details | File | 40 | 7z.exe |
|
| Details | File | 1 | php.7z |
|
| Details | File | 37 | 1.php |
|
| Details | File | 1 | php.vbs |
|
| Details | File | 124 | os.sys |
|
| Details | File | 1 | c:\programdata\browsers\downloads\1.php |
|
| Details | File | 1 | c:\programdata\browsers\php\php.exe |
|
| Details | File | 1 | 'php.vbs |
|
| Details | File | 4 | 'update.exe |
|
| Details | sha256 | 1 | d4f545691c8441b5bcb86535b1d0fd16dc06786eb4080087588cd4d0f388d5ca |
|
| Details | sha256 | 1 | 882d95bdbca75ab9d13486e477ab76b3978e14d6fca30c11ec368f7e5fa1d0cb |
|
| Details | sha256 | 1 | 8ac52ca0792baf2a4075fe7c68e5cbe2262da604e2fcdfb9b39656430925c168 |
|
| Details | sha256 | 1 | 3771846f010fcad26d593ea3771bee7cf3dec4d7604a8c719cef500fbf491820 |
|
| Details | sha256 | 1 | 3033913c51e0bf9a13c7ad2d5a481e174a1a3f19041c339e6ac900824793a1c6 |
|
| Details | Url | 1 | https://www.infoamanewonliag.online/update/code.php?priv= |
|
| Details | Url | 1 | https://www.infoamanewonliag.online/update/installed.php |
|
| Details | Url | 1 | https://www.infoamanewonliag.online/update/error.php?detail= |
|
| Details | Url | 1 | https://channel-platform.s3.ap-east-1.amazonaws.com/package/7z.exe |
|
| Details | Url | 1 | https://channel-platform.s3.ap-east-1.amazonaws.com/package/php.7z |
|
| Details | Url | 1 | https://channel-platform.s3.ap-east-1.amazonaws.com/package/1.php |
|
| Details | Url | 1 | https://channel-platform.s3.ap-east-1.amazonaws.com/package/php.vbs |
|
| Details | Url | 1 | https://www.infoamanewonliag.online/api/query |