4eab6ff74803fe38704ba7cd524f32f90c9346a5c37f659bba916a232384a6a4 | Triage

Sharing

General

Target

4eab6ff74803fe38704ba7cd524f32f90c9346a5c37f659bba916a232384a6a4
Size

137KB
Sample

221123-vsvddscg7z
MD5

2a95c5a6b7d2918baa2e652ae3184cdd
SHA1

baf70ba6b17c15720b9d7cd1cdc9e1c4b53e0148
SHA256

4eab6ff74803fe38704ba7cd524f32f90c9346a5c37f659bba916a232384a6a4
SHA512

b058f537d4511d7a3b9cc84f2de211c2f5c299425610b6e3754a1e4ffbbf917512e4e5064b3251e008e835cf2d4d6becfede1307aefad77f108e260d56c99fa3
SSDEEP

1536:7+uAoFUlrkqG3p26gEOQBApzaSxI81jkfenLBKBJX8LYlo0yaI3EgcBCFEc5T8YH:6hNGujR9msKBdVyEgcBCFEAT8Y+e

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  4eab6ff74803fe38704ba7cd524f32f90c9346a5c37f659bba916a232384a6a4
- Size
  
  137KB
- MD5
  
  2a95c5a6b7d2918baa2e652ae3184cdd
- SHA1
  
  baf70ba6b17c15720b9d7cd1cdc9e1c4b53e0148
- SHA256
  
  4eab6ff74803fe38704ba7cd524f32f90c9346a5c37f659bba916a232384a6a4
- SHA512
  
  b058f537d4511d7a3b9cc84f2de211c2f5c299425610b6e3754a1e4ffbbf917512e4e5064b3251e008e835cf2d4d6becfede1307aefad77f108e260d56c99fa3
- SSDEEP
  
  1536:7+uAoFUlrkqG3p26gEOQBApzaSxI81jkfenLBKBJX8LYlo0yaI3EgcBCFEc5T8YH:6hNGujR9msKBdVyEgcBCFEAT8Y+e
Score

8^/10

persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2