ff01293179e68e27d27e339ee33d8c12ac61e8d653838cbb7c93a0e5a6060c22 | Triage

Sharing

General

Target

source_prepared.exe
Size

68.0MB
Sample

230402-wfbaeshf72
MD5

89f0073a7778c21fc7c234e894f5e6bc
SHA1

64432d391b909b2d5849b2ac333475462337950e
SHA256

ff01293179e68e27d27e339ee33d8c12ac61e8d653838cbb7c93a0e5a6060c22
SHA512

37a6821bfc884fefb68436227eaac692948ab4a37521f979532089936483b6c767f901f8fc5964622f5ccd2fee844fd756f1f101915a5559a62fe6314d9976c2
SSDEEP

1572864:Rs7nH46uMDhrRRsat9aAaWv/OHzDCd5cLCWePmS3:SLH46uMDhrPKAaZnCdgEB3

Score

7^/10

persistence pyinstaller

Malware Config

Targets

- Target
  
  source_prepared.exe
- Size
  
  68.0MB
- MD5
  
  89f0073a7778c21fc7c234e894f5e6bc
- SHA1
  
  64432d391b909b2d5849b2ac333475462337950e
- SHA256
  
  ff01293179e68e27d27e339ee33d8c12ac61e8d653838cbb7c93a0e5a6060c22
- SHA512
  
  37a6821bfc884fefb68436227eaac692948ab4a37521f979532089936483b6c767f901f8fc5964622f5ccd2fee844fd756f1f101915a5559a62fe6314d9976c2
- SSDEEP
  
  1572864:Rs7nH46uMDhrRRsat9aAaWv/OHzDCd5cLCWePmS3:SLH46uMDhrPKAaZnCdgEB3
Score

7^/10

persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2