327faee10eb440a2dfbaed6fc7acb563b364e58aa920f318fcedcb7225e40467 | Triage

Sharing

General

Target

327faee10eb440a2dfbaed6fc7acb563b364e58aa920f318fcedcb7225e40467
Size

99KB
Sample

221125-x7m9qsab62
MD5

aeb001c0ad849f513eeaabf035ad3cdd
SHA1

9629daaf2fea86d645b5a09d1d61bbb96bc9cd80
SHA256

327faee10eb440a2dfbaed6fc7acb563b364e58aa920f318fcedcb7225e40467
SHA512

99d49986d7b9d42710ac329d091adabedf7cef38a57a273ee0927b74daf272acce320a610d78fee268d2ae19982f80830a16cb49ccfbc01cb882178ed54b1086
SSDEEP

1536:VP/eJjJifnHufeMPykoEU4T7JhHWELKNaeRlriYmljvkWwLobkT+:VP/2NeHufu4T7DHW3XriYmljOLobS+

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  327faee10eb440a2dfbaed6fc7acb563b364e58aa920f318fcedcb7225e40467
- Size
  
  99KB
- MD5
  
  aeb001c0ad849f513eeaabf035ad3cdd
- SHA1
  
  9629daaf2fea86d645b5a09d1d61bbb96bc9cd80
- SHA256
  
  327faee10eb440a2dfbaed6fc7acb563b364e58aa920f318fcedcb7225e40467
- SHA512
  
  99d49986d7b9d42710ac329d091adabedf7cef38a57a273ee0927b74daf272acce320a610d78fee268d2ae19982f80830a16cb49ccfbc01cb882178ed54b1086
- SSDEEP
  
  1536:VP/eJjJifnHufeMPykoEU4T7JhHWELKNaeRlriYmljvkWwLobkT+:VP/2NeHufu4T7DHW3XriYmljOLobS+
Score

8^/10

persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2