35063285fbb903f7349685e4263b25d0124fd087ba2a708202f7782de46d8252 | Triage

Sharing

General

Target

35063285fbb903f7349685e4263b25d0124fd087ba2a708202f7782de46d8252
Size

90KB
Sample

221126-kyqx2saf4t
MD5

db835bba2dafa1729db620b908f5e70f
SHA1

5cb5d095875e2d6e46eacc03c12bbc4189c138e2
SHA256

35063285fbb903f7349685e4263b25d0124fd087ba2a708202f7782de46d8252
SHA512

bcbd75978c152ddbbe72b201e5f68bbd9807690d5f9f839481e53852c36a65cbe804f9845762c363a78cc270eccb6bb5a1a1e7df2800cd205ed0df7dd7c8ca0b
SSDEEP

1536:DrhPDpRvH4RqIL8kh3eyT/uWEC7qthGEmOjq5Rj5f:DrBDpRvY+yqqE/j+R

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  35063285fbb903f7349685e4263b25d0124fd087ba2a708202f7782de46d8252
- Size
  
  90KB
- MD5
  
  db835bba2dafa1729db620b908f5e70f
- SHA1
  
  5cb5d095875e2d6e46eacc03c12bbc4189c138e2
- SHA256
  
  35063285fbb903f7349685e4263b25d0124fd087ba2a708202f7782de46d8252
- SHA512
  
  bcbd75978c152ddbbe72b201e5f68bbd9807690d5f9f839481e53852c36a65cbe804f9845762c363a78cc270eccb6bb5a1a1e7df2800cd205ed0df7dd7c8ca0b
- SSDEEP
  
  1536:DrhPDpRvH4RqIL8kh3eyT/uWEC7qthGEmOjq5Rj5f:DrBDpRvY+yqqE/j+R
Score

8^/10

persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2