2d9819ba763d5e37c2fa27a4632b1035f26e40e9ab82b3c652b4db7f5575753a | Triage

Sharing

General

Target

373f3b4c6384e44a595e9662abbd7978.7e24b5c89b8bf1667ea460d4f9ba143c8aa42557.primary_analysis_subject
Size

1.0MB
Sample

211021-29ykpsbggn
MD5

373f3b4c6384e44a595e9662abbd7978
SHA1

7e24b5c89b8bf1667ea460d4f9ba143c8aa42557
SHA256

2d9819ba763d5e37c2fa27a4632b1035f26e40e9ab82b3c652b4db7f5575753a
SHA512

116bab476eea3e2e1368ef1d662cf64fdb1848b488cd0498ed152b4babd58f9158e8a21260794bc6c7f726452a15797e189f9cfb9613067d2e988387a9c15c2b

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  373f3b4c6384e44a595e9662abbd7978.7e24b5c89b8bf1667ea460d4f9ba143c8aa42557.primary_analysis_subject
- Size
  
  1.0MB
- MD5
  
  373f3b4c6384e44a595e9662abbd7978
- SHA1
  
  7e24b5c89b8bf1667ea460d4f9ba143c8aa42557
- SHA256
  
  2d9819ba763d5e37c2fa27a4632b1035f26e40e9ab82b3c652b4db7f5575753a
- SHA512
  
  116bab476eea3e2e1368ef1d662cf64fdb1848b488cd0498ed152b4babd58f9158e8a21260794bc6c7f726452a15797e189f9cfb9613067d2e988387a9c15c2b
Score

8^/10

persistence
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2