исходник.exe

General
Target: исходник.exe
Filesize: 2MB
Completed: 27-01-2022 16:56
Score: 6/10
MD5: cb267c252a42ed8e1de90463e2ab4013
SHA1: fcfc74cfc893c4b454cfcc190a51fc9e9b6b265b
SHA256: 1ec0a7cf579b43db873c885bb6fcee2e082ef92fe423372acec2cab9bd9040c0

Malware Config
Signatures 2

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

    Reported IOCs

    flow  ioc
    4     api.ipify.org
    5     api.ipify.org

  • Suspicious use of AdjustPrivilegeToken
    исходник.exe

    Reported IOCs

    description              pid  process
    Token: SeDebugPrivilege  760  исходник.exe

Processes 1
  • C:\Users\Admin\AppData\Local\Temp\исходник.exe
    "C:\Users\Admin\AppData\Local\Temp\исходник.exe"
    Suspicious use of AdjustPrivilegeToken
    PID:760
Network
MITRE ATT&CK Matrix
Tactic columns (no techniques mapped): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Downloads
  • memory/760-54-0x00000000003E0000-0x0000000000686000-memory.dmp
  • memory/760-55-0x000000001B160000-0x000000001B1D6000-memory.dmp
  • memory/760-56-0x000000001B2C0000-0x000000001B2C2000-memory.dmp