0599cff71aa2cd26c4dd7906a3e15ec340ebb52de0848e93c8f77ec9edea3e1e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

uo4orj.7z
Size

44KB
Sample

230803-nw8a4aec4v
MD5

13cc0500b8314c8298c575dda0b3b9d2
SHA1

66d4407abe80a88cede902121f6dcb16d13eb605
SHA256

0599cff71aa2cd26c4dd7906a3e15ec340ebb52de0848e93c8f77ec9edea3e1e
SHA512

dede7343b1387e660216ed1e488fc576d2b0135f2ac4c0d076ab1f1db47f2a72f5913433f03d82ffebb9948f6a1d957375ad200398f2ee476232c91cf0948c3f
SSDEEP

768:qalF3feaWZWMDmkVS3jHMGPLIgv/s7U4OHUNuV+cKj/6rmssrSK:pPWHiI4jPPJ4cbRqZsA

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  Doc07133180pdf.exe
- Size
  
  113KB
- MD5
  
  044783f5324d61fef63a222763f1d597
- SHA1
  
  234958983f3612e17b67cf47581c32a301908f52
- SHA256
  
  b329ff974dcec493ccd4e8f8a5e5fd9a74946bf543af6d83f47a02088ed67f85
- SHA512
  
  2f014a15ada6b5ba1e7757825730677588ea771627573a024955f66119cec59e7ee16e5cdacea96a1e10bbae49264a49642ec2e05bcc66e67018bbcfd7e93ca3
- SSDEEP
  
  3072:fY4enlFOcPnFYSFBGRuu8lPRogueR5FpcTJ98EdtmF8gfoo9yu:Q4cFDPeSFBuyXR5HcT
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2