158a4985e08706112199a8f982b2fb75ec9ed8f58cb99cb3d5074823b2ab7bc0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

newupdate_password_2227.rar
Size

3.8MB
Sample

230521-x5m6yseg9z
MD5

713c35c7033b1202f00aaea0820f2e55
SHA1

7e836b8b9d7bce3968bafea909a63d644691ffb7
SHA256

158a4985e08706112199a8f982b2fb75ec9ed8f58cb99cb3d5074823b2ab7bc0
SHA512

b3ce625c850f677d8d9308a744b34bf20a38649b7f09570046a12a1305a4f0fac15105bd699666123e6c34d339d27d593bdcb4a26a4735ef34b15def0d170858
SSDEEP

98304:qN0er0TVXC/6LxPyrjyP6HHvZMoIwb1eyuHU2UDkzAK+wCaXk7m9HiL:qOerExPLP6HHvCRM1QlOkziwPEL

Score

6^/10

Malware Config

Targets

- Target
  
  version_v319.exe
- Size
  
  260KB
- MD5
  
  52f350cea5575f37cba87b77077ecd74
- SHA1
  
  e555d3bcff68540d1f1f7224ea02527a85a55efa
- SHA256
  
  46fc1cb666edf0c70d2785f706339bdefd0b00dcc634349c2c1e15335af571c3
- SHA512
  
  691d9ec27bcc6acae472cf695e5fe915bec531498a0ac2d795cd51ac128bcea408a776ac851c02063a6496f3a00b4ab7c90b634721761698115f51fe20df20bc
- SSDEEP
  
  3072:NwxUVSyqezfy/aGNBNX/NOmkyNytxvG88RtmorCE8viSkNoWx1RAifkHnHhqI:SCZvfy1NBNXctxp8LruE2izzAicHHkI
Score

6^/10
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3