Overview

overview

8

Static

static

1

SecuriteIn...80.exe

windows7-x64

8

SecuriteIn...80.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win64.PWSX-gen.29890.2280.exe

  • Size

    1.1MB

  • Sample

    230328-jdjskabd7s

  • MD5

    f91e53e0379eac34c222de4a46588cf1

  • SHA1

    523d61b31dd1104a20bbd04e3f4c30729191af64

  • SHA256

    35a7141973dd708723ae711b94f845d36740f2613d4f94dde3aa9c75519f0975

  • SHA512

    52789dfa07b6d8f1a0e843eae9f1f50c49d31059f22b3c01457315f7cd3738db4cbaef089419c0fd47900d979e611c1916141fdc1bb7cdc2e7faedd7eb4c6c92

  • SSDEEP

    24576:MOp5uo31uJ1xQ/YNuZb4c9JsJchzWN82fRwFceVXmgNbo6qYfQD:Dg0gHQuuGSLhjwhMo6qYfi

Score
8/10
collectionpersistence

Malware Config

Targets

    • Target

      SecuriteInfo.com.Win64.PWSX-gen.29890.2280.exe

    • Size

      1.1MB

    • MD5

      f91e53e0379eac34c222de4a46588cf1

    • SHA1

      523d61b31dd1104a20bbd04e3f4c30729191af64

    • SHA256

      35a7141973dd708723ae711b94f845d36740f2613d4f94dde3aa9c75519f0975

    • SHA512

      52789dfa07b6d8f1a0e843eae9f1f50c49d31059f22b3c01457315f7cd3738db4cbaef089419c0fd47900d979e611c1916141fdc1bb7cdc2e7faedd7eb4c6c92

    • SSDEEP

      24576:MOp5uo31uJ1xQ/YNuZb4c9JsJchzWN82fRwFceVXmgNbo6qYfQD:Dg0gHQuuGSLhjwhMo6qYfi

    Score
    8/10
    persistencecollection

    • Sets service image path in registry

      persistence

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks