ec4cb2623fbc85bc3aabcad5a1ea93966cc2e61c653b993fa5104021cd0f54f1 | Triage

Sharing

General

Target

20A565943964AC488DCCCCB0F12092DB.exe
Size

343KB
Sample

221130-sy9zxsce49
MD5

20a565943964ac488dccccb0f12092db
SHA1

d9faa5107f89b543fe0514e2f04f2bb7ad38e176
SHA256

ec4cb2623fbc85bc3aabcad5a1ea93966cc2e61c653b993fa5104021cd0f54f1
SHA512

d033b52c8957a54ba4db5463cbfda607ad080861cce8c4d505bf5bdbd09bfe7a59b6d4af94514cd5b78c48fcf4739f9d2e46cd98c81097da6151e98454e6ab97
SSDEEP

3072:DQ8Jstxp5/YDHh8fzYQYwRVyv6MIWoy+hdEdZTpDbexB7sg+Rhtk7v:UBxpkhFQt4v67oA6rgsrIL

Score

10^/10

persistence phishing

Malware Config

Targets

- Target
  
  20A565943964AC488DCCCCB0F12092DB.exe
- Size
  
  343KB
- MD5
  
  20a565943964ac488dccccb0f12092db
- SHA1
  
  d9faa5107f89b543fe0514e2f04f2bb7ad38e176
- SHA256
  
  ec4cb2623fbc85bc3aabcad5a1ea93966cc2e61c653b993fa5104021cd0f54f1
- SHA512
  
  d033b52c8957a54ba4db5463cbfda607ad080861cce8c4d505bf5bdbd09bfe7a59b6d4af94514cd5b78c48fcf4739f9d2e46cd98c81097da6151e98454e6ab97
- SSDEEP
  
  3072:DQ8Jstxp5/YDHh8fzYQYwRVyv6MIWoy+hdEdZTpDbexB7sg+Rhtk7v:UBxpkhFQt4v67oA6rgsrIL
Score

10^/10

persistence phishing
- Detected phishing page
  phishing
- Drops startup file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

persistencephishing