6165633db426dc0c771c421eafa6107fedd308fab3cfc8021fa532696c51a13e | Triage

Resubmissions

08/02/2023, 13:29

230208-qrqatsba99 1

08/02/2023, 13:16

230208-qhykvaad2s 7

08/02/2023, 13:12

230208-qfttwaac7z 6

Sharing

Copy URL Twitter E-mail

General

Target

Payment For carrier.shtml
Size

6KB
Sample

230208-qhykvaad2s
MD5

1473c9f6b0d9721eed68d4014534ba77
SHA1

8d302d3fc4f8e43de82b32d46fe4c6f81ea35d7a
SHA256

6165633db426dc0c771c421eafa6107fedd308fab3cfc8021fa532696c51a13e
SHA512

ade27e2ccd461f68b310f01c310149c94307f7ad3c8db8159bcd61df25333ad2b8dd941282bfd80af322d78c9a418b12a087e432fd61b9aaffb3bbfe712cd5e8
SSDEEP

96:ZKqCF1clhbMiCNJwbI62PgGR2K41zmgENJwbI62PgGR2K41zoBEyH0U:Z8FWhRUUTGwK6zWUTGwK6zGvHf

Score

7^/10

Malware Config

Targets

- Target
  
  Payment For carrier.shtml
- Size
  
  6KB
- MD5
  
  1473c9f6b0d9721eed68d4014534ba77
- SHA1
  
  8d302d3fc4f8e43de82b32d46fe4c6f81ea35d7a
- SHA256
  
  6165633db426dc0c771c421eafa6107fedd308fab3cfc8021fa532696c51a13e
- SHA512
  
  ade27e2ccd461f68b310f01c310149c94307f7ad3c8db8159bcd61df25333ad2b8dd941282bfd80af322d78c9a418b12a087e432fd61b9aaffb3bbfe712cd5e8
- SSDEEP
  
  96:ZKqCF1clhbMiCNJwbI62PgGR2K41zmgENJwbI62PgGR2K41zoBEyH0U:Z8FWhRUUTGwK6zWUTGwK6zGvHf
Score

7^/10
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1