45c3930356f5a8732c94b5537bae3dd189d16723baf8f83cfcfe8a46bcf6c24d | Triage

Sharing

General

Target

45c3930356f5a8732c94b5537bae3dd189d16723baf8f83cfcfe8a46bcf6c24d
Size

595KB
Sample

221125-clhf5sgh5w
MD5

f03b31f9d5986d0b49023d100da49a6a
SHA1

94259f42b60a39f9c005fca06a87d6a5ea7da935
SHA256

45c3930356f5a8732c94b5537bae3dd189d16723baf8f83cfcfe8a46bcf6c24d
SHA512

499bbfbaf26de60788b47b45c9eacf84a1336ea2bdc7700b79a6e1fd2c2d4a24e8b6f07b0d4c5fde6ccce942635a35e91c9dc7605a17875d2a0cba0edcba453b
SSDEEP

12288:FawQOKK2MnhvfxNfCtx61xf31V3X/4Sm3maoxnr8k66gRhygrndsnAgW:FkZK2uZfx4tcnFV3XQwt8kBg/ygrnU5W

Score

8^/10

evasion

Malware Config

Targets

- Target
  
  45c3930356f5a8732c94b5537bae3dd189d16723baf8f83cfcfe8a46bcf6c24d
- Size
  
  595KB
- MD5
  
  f03b31f9d5986d0b49023d100da49a6a
- SHA1
  
  94259f42b60a39f9c005fca06a87d6a5ea7da935
- SHA256
  
  45c3930356f5a8732c94b5537bae3dd189d16723baf8f83cfcfe8a46bcf6c24d
- SHA512
  
  499bbfbaf26de60788b47b45c9eacf84a1336ea2bdc7700b79a6e1fd2c2d4a24e8b6f07b0d4c5fde6ccce942635a35e91c9dc7605a17875d2a0cba0edcba453b
- SSDEEP
  
  12288:FawQOKK2MnhvfxNfCtx61xf31V3X/4Sm3maoxnr8k66gRhygrndsnAgW:FkZK2uZfx4tcnFV3XQwt8kBg/ygrnU5W
Score

8^/10

evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2