c17363a0412c05428562de8abacad662e0e05dddfa4502a890d204b7d629d0ed | Triage

Sharing

General

Target

c17363a0412c05428562de8abacad662e0e05dddfa4502a890d204b7d629d0ed
Size

71KB
Sample

221124-egln4sag3z
MD5

d5636669844f9c21098d84a7de0db519
SHA1

bc992f5c8c9a5380700a9181b02be857e18366d4
SHA256

c17363a0412c05428562de8abacad662e0e05dddfa4502a890d204b7d629d0ed
SHA512

b3bfee419ae7e52d8bfcca6f389129dbb86963cb98cb15a5ab6bd648a77f59d392da095e0b2a31c6f004e3433bea3950da2f62806826e07b2e94230d11004e24
SSDEEP

1536:P27A7c3S43hr63yADDpwlytVup1NnEtEinQW6bX98/mBnDPg:PqNS481DdrUPnEtZH6bt8/mG

Score

10^/10

evasion trojan

Malware Config

Targets

- Target
  
  c17363a0412c05428562de8abacad662e0e05dddfa4502a890d204b7d629d0ed
- Size
  
  71KB
- MD5
  
  d5636669844f9c21098d84a7de0db519
- SHA1
  
  bc992f5c8c9a5380700a9181b02be857e18366d4
- SHA256
  
  c17363a0412c05428562de8abacad662e0e05dddfa4502a890d204b7d629d0ed
- SHA512
  
  b3bfee419ae7e52d8bfcca6f389129dbb86963cb98cb15a5ab6bd648a77f59d392da095e0b2a31c6f004e3433bea3950da2f62806826e07b2e94230d11004e24
- SSDEEP
  
  1536:P27A7c3S43hr63yADDpwlytVup1NnEtEinQW6bX98/mBnDPg:PqNS481DdrUPnEtZH6bt8/mG
Score

10^/10

evasion trojan
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Deletes itself
- Windows security modification
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2