47b148910d9f6a249142cf59ecd29f36602e5eb2a310b241523a32c42cef3c85 | Triage

Sharing

General

Target

47b148910d9f6a249142cf59ecd29f36602e5eb2a310b241523a32c42cef3c85
Size

81KB
Sample

221125-28eq7sdh56
MD5

ddc81840473fe3c90fe858b2644b7f60
SHA1

0bdd871549686ead74bc02892213a54ced390f7e
SHA256

47b148910d9f6a249142cf59ecd29f36602e5eb2a310b241523a32c42cef3c85
SHA512

70eaa157ef096bad72cde2b4d321c85cafb0a0752ab54758ef4799b35abbafce2c6d5589433137f3c844ef6d22cce4529df37ab180fe8cc1e84b55d015bffca0
SSDEEP

1536:I4Q1COWyGUGIEkjkcLXZFJUnhVWTM8wSvakDoK:IjCOVgIE+b6hVWTMzSykcK

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  47b148910d9f6a249142cf59ecd29f36602e5eb2a310b241523a32c42cef3c85
- Size
  
  81KB
- MD5
  
  ddc81840473fe3c90fe858b2644b7f60
- SHA1
  
  0bdd871549686ead74bc02892213a54ced390f7e
- SHA256
  
  47b148910d9f6a249142cf59ecd29f36602e5eb2a310b241523a32c42cef3c85
- SHA512
  
  70eaa157ef096bad72cde2b4d321c85cafb0a0752ab54758ef4799b35abbafce2c6d5589433137f3c844ef6d22cce4529df37ab180fe8cc1e84b55d015bffca0
- SSDEEP
  
  1536:I4Q1COWyGUGIEkjkcLXZFJUnhVWTM8wSvakDoK:IjCOVgIE+b6hVWTMzSykcK
Score

8^/10

persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2