4d0bdffbaf8b92803782672861029a8a05923cdbf7a66a9cc56fb08c4c2f4b57 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4d0bdffbaf8b92803782672861029a8a05923cdbf7a66a9cc56fb08c4c2f4b57_JC.exe
Size

98KB
Sample

230820-smv2maga58
MD5

a0cad95d0e988a1c252ff15c4f1831e6
SHA1

fc492ec18164f4b5d0de8dbdac285c2ba90c9a65
SHA256

4d0bdffbaf8b92803782672861029a8a05923cdbf7a66a9cc56fb08c4c2f4b57
SHA512

d0e6718a5b5332b41e829a927da644db2486f0dc96b580855baf01e9c534fd73951e126c859763a36ee25a0dc7409b9a60b46591c5f067ed7f3eaec185bb4cd7
SSDEEP

3072:mg7Xjd4cUB+R1YCp9mP7IHJDeWJaCd/GRFpS3lg0aXfJWKq:mg7Xjd4cUAR1YM9mP7IHJDeWJaCd/GRP

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  4d0bdffbaf8b92803782672861029a8a05923cdbf7a66a9cc56fb08c4c2f4b57_JC.exe
- Size
  
  98KB
- MD5
  
  a0cad95d0e988a1c252ff15c4f1831e6
- SHA1
  
  fc492ec18164f4b5d0de8dbdac285c2ba90c9a65
- SHA256
  
  4d0bdffbaf8b92803782672861029a8a05923cdbf7a66a9cc56fb08c4c2f4b57
- SHA512
  
  d0e6718a5b5332b41e829a927da644db2486f0dc96b580855baf01e9c534fd73951e126c859763a36ee25a0dc7409b9a60b46591c5f067ed7f3eaec185bb4cd7
- SSDEEP
  
  3072:mg7Xjd4cUB+R1YCp9mP7IHJDeWJaCd/GRFpS3lg0aXfJWKq:mg7Xjd4cUAR1YM9mP7IHJDeWJaCd/GRP
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2