7a2984a582274d97b3eb24b6548865f3549813c606982610a121292671aa5004 | Triage

Sharing

General

Target

7a2984a582274d97b3eb24b6548865f3549813c606982610a121292671aa5004
Size

142KB
Sample

221125-x7trhsab75
MD5

2f8697713eeec7784863c1bf21e00d08
SHA1

be7506a336bbc08e65c4fbb006a56826e5411da9
SHA256

7a2984a582274d97b3eb24b6548865f3549813c606982610a121292671aa5004
SHA512

ebe0b892f8816a5c38a874b442a9e9f8dd81969b94ef63a611fe8b1bf0af6ff59c78065cce48d3e07bc2d844c0609823e61068acd576cb5b4a4338705ce1f2e3
SSDEEP

1536:BseyxDJOye1B5t64B8VzI7CKok/3e97SNsLUyq3B8l9wntZTBbEDSrX95fR:BseytJOygmqpo97SwlSnvTBbv

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  7a2984a582274d97b3eb24b6548865f3549813c606982610a121292671aa5004
- Size
  
  142KB
- MD5
  
  2f8697713eeec7784863c1bf21e00d08
- SHA1
  
  be7506a336bbc08e65c4fbb006a56826e5411da9
- SHA256
  
  7a2984a582274d97b3eb24b6548865f3549813c606982610a121292671aa5004
- SHA512
  
  ebe0b892f8816a5c38a874b442a9e9f8dd81969b94ef63a611fe8b1bf0af6ff59c78065cce48d3e07bc2d844c0609823e61068acd576cb5b4a4338705ce1f2e3
- SSDEEP
  
  1536:BseyxDJOye1B5t64B8VzI7CKok/3e97SNsLUyq3B8l9wntZTBbEDSrX95fR:BseytJOygmqpo97SwlSnvTBbv
Score

8^/10

persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2