54f32e3f2e544455d68d50a45a4e36e1cf5048885179dd23647136a2526eb7b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54f32e3f2e544455d68d50a45a4e36e1cf5048885179dd23647136a2526eb7b4_unpacked
Size

258KB
Sample

221026-174hhahdhm
MD5

2d785d45271c9f5062abf369030100f7
SHA1

bed8612d8cc2521f39a3f60b6c4fc12ccd2632bf
SHA256

54f32e3f2e544455d68d50a45a4e36e1cf5048885179dd23647136a2526eb7b4
SHA512

d4a0a58ccb6b80af43f18acbcb6c08e83f75270be30ee0fc672baacefd508c37795aa82a506508f4fdeb74ebe663ca00bce4043557f185675f595b3ba45f013f
SSDEEP

6144:tN3wtRU+a/GFRd9kIRT1Mx4oWfLxdUMgwWBhPvl:tNgvxLVRp2iwJwWHV

Score

7^/10

Malware Config

Targets

- Target
  
  54f32e3f2e544455d68d50a45a4e36e1cf5048885179dd23647136a2526eb7b4_unpacked
- Size
  
  258KB
- MD5
  
  2d785d45271c9f5062abf369030100f7
- SHA1
  
  bed8612d8cc2521f39a3f60b6c4fc12ccd2632bf
- SHA256
  
  54f32e3f2e544455d68d50a45a4e36e1cf5048885179dd23647136a2526eb7b4
- SHA512
  
  d4a0a58ccb6b80af43f18acbcb6c08e83f75270be30ee0fc672baacefd508c37795aa82a506508f4fdeb74ebe663ca00bce4043557f185675f595b3ba45f013f
- SSDEEP
  
  6144:tN3wtRU+a/GFRd9kIRT1Mx4oWfLxdUMgwWBhPvl:tNgvxLVRp2iwJwWHV
Score

7^/10
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2