21bde816285bdac8701e0143c1ae47f1fbee03c90b2cb3b9745740141ce7d51e | Triage

Sharing

General

Target

21bde816285bdac8701e0143c1ae47f1fbee03c90b2cb3b9745740141ce7d51e
Size

206KB
Sample

200709-g5teqhm392
MD5

c3b9975b7840866bd3a00265804ca5a7
SHA1

e14304e60e56483b20776b7b49952e1fa47f0944
SHA256

21bde816285bdac8701e0143c1ae47f1fbee03c90b2cb3b9745740141ce7d51e
SHA512

21de227cfdcf118102bc2156b347ae5b62e9e57a81fa08dbd9aa221694e48074f399b0d84e7a9fcbf81aebbedc09423828033c7f0666ee1704a3fa71c550cd4a

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  21bde816285bdac8701e0143c1ae47f1fbee03c90b2cb3b9745740141ce7d51e
- Size
  
  206KB
- MD5
  
  c3b9975b7840866bd3a00265804ca5a7
- SHA1
  
  e14304e60e56483b20776b7b49952e1fa47f0944
- SHA256
  
  21bde816285bdac8701e0143c1ae47f1fbee03c90b2cb3b9745740141ce7d51e
- SHA512
  
  21de227cfdcf118102bc2156b347ae5b62e9e57a81fa08dbd9aa221694e48074f399b0d84e7a9fcbf81aebbedc09423828033c7f0666ee1704a3fa71c550cd4a
Score

8^/10

persistence
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2