General

  • Target: 1cd60e5192988ae5841a861ef8c45a61.exe
  • Size: 643KB
  • Sample: 210714-jn7y8fqgt2
  • MD5: 1cd60e5192988ae5841a861ef8c45a61
  • SHA1: 3c6fe7b6885dadd5820710082b5e07f0f0c31a8f
  • SHA256: 4f5eb87739916022c23a6291aaac32e86cef1d92cd9bcf67ec0ed357f1672ca1
  • SHA512: dff8d5c7c0e10deed78f911e8e4b4b0ef9e5d94ea8d85777c3711efb7fefc5f5dd93eb0589b60c92d0cf1962eccac810cd4d2a0aa87ec1e9a1bd350b17e07442

Score: 6/10

Targets

    • Target: 1cd60e5192988ae5841a861ef8c45a61.exe (643KB)

    • Score: 6/10

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                             ID     Count
  Initial Access        Replication Through Removable Media   T1091  1
  Execution             Scheduled Task                        T1053  1
  Persistence           Registry Run Keys / Startup Folder    T1060  1
  Persistence           Scheduled Task                        T1053  1
  Privilege Escalation  Scheduled Task                        T1053  1
  Defense Evasion       Modify Registry                       T1112  1
  Discovery             System Information Discovery          T1082  1
  Lateral Movement      Replication Through Removable Media   T1091  1
