17d8dc4f6931ece4a4da2d0ac7ccf8ebbb09cbd153aef1ee5e575656a9d95769 | Triage

Sharing

General

Target

12e66476395f8c1d0c457a7c13ae71df.zip
Size

662KB
Sample

210319-jz815r3ay6
MD5

a4d5bfbaedd923f04011197f66ae5863
SHA1

a952ae3befd3fc32128f3a39173c225320ec2ee8
SHA256

17d8dc4f6931ece4a4da2d0ac7ccf8ebbb09cbd153aef1ee5e575656a9d95769
SHA512

e89a5c2afd6569bae7ad96fb0189376f12027d76911219ef193db54c97e4c1f06124d88b46826d78b216c327acc83b3462142eb04ff269bcbd3983b60628069a

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  12e66476395f8c1d0c457a7c13ae71df
- Size
  
  737KB
- MD5
  
  12e66476395f8c1d0c457a7c13ae71df
- SHA1
  
  8cb6d53b8b238c0118a0b4748ec54c9aa49123b7
- SHA256
  
  9bf5a22089f0b74627320945df991bd1dfa37bf5522f8ecb61e5873bc6093f22
- SHA512
  
  7e80d1b0b45f2f076499d93ef1d810e4a5ad4a4fe5a7156de4cb1a1be1beb779d39912c802a1bead6bbae7f4ce6f8cf64d49441e0d4c12fc488f1d1d90b9150c
Score

7^/10

discovery persistence
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence