3588657707cd5b04586693c6600be0159b321b258f48953f824faa876f6b8566 | Triage

Sharing

General

Target

3588657707cd5b04586693c6600be0159b321b258f48953f824faa876f6b8566
Size

342KB
Sample

221124-rj5k8adb41
MD5

5ebe890f034f15d9500328551b76a01e
SHA1

2fc9e09b764591978cb7edcd4c155d2d20f2da20
SHA256

3588657707cd5b04586693c6600be0159b321b258f48953f824faa876f6b8566
SHA512

482fe0414bd3fc823e346ff8a59c6530dae7d0079edb97f4f031dd8c4638ade0750c33361f89d1c03d7d424aeba7d7d9240d54cec6e153a2549621a5cf55182f
SSDEEP

6144:fYncu6kceklClbcoalo5Be/fYtYRy1djmGmq780TB1Suc5N8haWI7GgtnE1rbtGM:fPu6kvkl4oNo5BcfkYRk6GvSuBUb7GgQ

Score

8^/10

Malware Config

Targets

- Target
  
  3588657707cd5b04586693c6600be0159b321b258f48953f824faa876f6b8566
- Size
  
  342KB
- MD5
  
  5ebe890f034f15d9500328551b76a01e
- SHA1
  
  2fc9e09b764591978cb7edcd4c155d2d20f2da20
- SHA256
  
  3588657707cd5b04586693c6600be0159b321b258f48953f824faa876f6b8566
- SHA512
  
  482fe0414bd3fc823e346ff8a59c6530dae7d0079edb97f4f031dd8c4638ade0750c33361f89d1c03d7d424aeba7d7d9240d54cec6e153a2549621a5cf55182f
- SSDEEP
  
  6144:fYncu6kceklClbcoalo5Be/fYtYRy1djmGmq780TB1Suc5N8haWI7GgtnE1rbtGM:fPu6kvkl4oNo5BcfkYRk6GvSuBUb7GgQ
Score

8^/10
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1