635d1c5473e2c81822bae98448796020eb58d8c96e88ada7d1f057c76caa0bbe | Triage

Sharing

General

Target

635d1c5473e2c81822bae98448796020eb58d8c96e88ada7d1f057c76caa0bbe
Size

92KB
Sample

221124-mca1taba81
MD5

4945ef159452ed31942b68bea5134c82
SHA1

c8b4e7887ea4490738606c27d67ef854c9059302
SHA256

635d1c5473e2c81822bae98448796020eb58d8c96e88ada7d1f057c76caa0bbe
SHA512

5a91b383628800332eed59f1c357fdbb37be4890b6227b80d55cbbe1b2baf06108a93b67313616a18b9d669b067da4463398f9292adee7332ec82bb2a5f42aed
SSDEEP

1536:wgLytff7/07BFmGCnUEebkFm8nJgObj8+L0AdryV0vvSfFXAbF3b:Q3mmpU350mSj8rjV03cFXW

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  fax20141311.scr
- Size
  
  152KB
- MD5
  
  5a9cf95f1bcbfab27697320d37a285fa
- SHA1
  
  bf3a1663e883a6cd5c6841b33560d82cf981760a
- SHA256
  
  d3a0814c13c1b5e4284dde67f3587f2dcd29f79dc321684ad8453fc7cd0c88d7
- SHA512
  
  156a7701aca6ebd2537927621916009f968a9a7602738b246e40a2fffd8132846de464c811fd8e29185a6e18deb22d8af4aa2231ca38cf07e94717bcc263bece
- SSDEEP
  
  3072:T0myVXzL23pim8Y4U0Ag0FugZmTWAkzQk1T8qrgp:wmWXzS3pim8Yr0AOAaXkD
Score

8^/10

persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2