1522baa8a9bd62d6ab087f8d3129315ac97e2f715bcd4c06db32306de7b65eca | Triage

Sharing

General

Target

1522baa8a9bd62d6ab087f8d3129315ac97e2f715bcd4c06db32306de7b65eca
Size

104KB
Sample

221126-kysrmsaf4w
MD5

17f4394a5540e69a79b3c8cff3e1f225
SHA1

124cad1d2027c0a5c8a7fe2f9f5b6e9f03e712b5
SHA256

1522baa8a9bd62d6ab087f8d3129315ac97e2f715bcd4c06db32306de7b65eca
SHA512

6971bef0f4cbaf9601f485862ec60933fb5af33b8ccebe3308a538a1d1b75b697d9511a0d96bfba1979a43f2f3e3ab9dfcf1d9f75e1df9244c6649a2e1a9f668
SSDEEP

1536:L9UJfvpSmtj9yMV4x2NJ3Skf8G0pQxcmVzDijMWEx6JQR6KKNWzA0n:LmvpSmXyWNn8G0p4cm9DwMWEx0a5

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  1522baa8a9bd62d6ab087f8d3129315ac97e2f715bcd4c06db32306de7b65eca
- Size
  
  104KB
- MD5
  
  17f4394a5540e69a79b3c8cff3e1f225
- SHA1
  
  124cad1d2027c0a5c8a7fe2f9f5b6e9f03e712b5
- SHA256
  
  1522baa8a9bd62d6ab087f8d3129315ac97e2f715bcd4c06db32306de7b65eca
- SHA512
  
  6971bef0f4cbaf9601f485862ec60933fb5af33b8ccebe3308a538a1d1b75b697d9511a0d96bfba1979a43f2f3e3ab9dfcf1d9f75e1df9244c6649a2e1a9f668
- SSDEEP
  
  1536:L9UJfvpSmtj9yMV4x2NJ3Skf8G0pQxcmVzDijMWEx6JQR6KKNWzA0n:LmvpSmXyWNn8G0p4cm9DwMWEx0a5
Score

8^/10

persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2