217578d645084dfcde759d1d722faca1656383f359c77107e2470d538a3a4df0 | Triage

Submit
Reports

Overview

overview

9

Static

static

217578d645...f0.exe

windows7-x64

9

217578d645...f0.exe

windows10-2004-x64

9

Sharing

General

Target

217578d645084dfcde759d1d722faca1656383f359c77107e2470d538a3a4df0
Size

490KB
Sample

221124-jgqqaacb7z
MD5

c97acce7fba9ef377caae5bdd63da38b
SHA1

fa3b805cb35a8316968d0fe3ba25cd7503ccc29e
SHA256

217578d645084dfcde759d1d722faca1656383f359c77107e2470d538a3a4df0
SHA512

029c35aba208cf6acf6597f20345b3ac18362ec5c1f7f38ba0bf4bad9d4141833b0d9a0232e40b4b718d5db6a2b647085562ea27652090e5f1e9668a38cba46c
SSDEEP

12288:FQxMWFxidBbJJjbesgg0oWB7OpbDH9adTl2aR42/vaq+8JG6:WMWFxid5TjFHdadTl2aOQCq+8JG6

Score

9^/10

persistence

Static task

static1

Behavioral task

behavioral1

Sample

217578d645084dfcde759d1d722faca1656383f359c77107e2470d538a3a4df0.exe

Resource

win7-20221111-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

217578d645084dfcde759d1d722faca1656383f359c77107e2470d538a3a4df0.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  217578d645084dfcde759d1d722faca1656383f359c77107e2470d538a3a4df0
- Size
  
  490KB
- MD5
  
  c97acce7fba9ef377caae5bdd63da38b
- SHA1
  
  fa3b805cb35a8316968d0fe3ba25cd7503ccc29e
- SHA256
  
  217578d645084dfcde759d1d722faca1656383f359c77107e2470d538a3a4df0
- SHA512
  
  029c35aba208cf6acf6597f20345b3ac18362ec5c1f7f38ba0bf4bad9d4141833b0d9a0232e40b4b718d5db6a2b647085562ea27652090e5f1e9668a38cba46c
- SSDEEP
  
  12288:FQxMWFxidBbJJjbesgg0oWB7OpbDH9adTl2aR42/vaq+8JG6:WMWFxid5TjFHdadTl2aOQCq+8JG6
Score

9^/10

persistence
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy