c203ce634a1d32ea10fbc654272e1a1e4aaf253a9fc45cc4204c695bab93364b | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.CrypterX-gen.4659.14211.exe
Size

793KB
Sample

230822-nvkteaca27
MD5

aac2eddf05510e3d8d9950399d7a6240
SHA1

5622f050b0c3d4ffe9f0d97d040add905096dbbe
SHA256

c203ce634a1d32ea10fbc654272e1a1e4aaf253a9fc45cc4204c695bab93364b
SHA512

2c79779a9fad6f64bce195f09ddc9e9a12e647ba10636a0948cadfb1f1c3ad18f06427b8afa4a7edf2c0d39efa0e9afceff8ef86b6bcee424b2f766b462fb7f8
SSDEEP

12288:hfnM0d31mZ+3fWw2svBd6mdyAh3VH5Jx3hozsxlNt8JJEVk0CAccX3eY2aI2OJiR:hfhlmZ+3/6mEArH5HHSQDI2O8p

Score

10^/10

persistence

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.parivartansandeshfoundation.com
Port:
587
Username:
[email protected]
Password:
Man84Book!@#

Targets

- Target
  
  SecuriteInfo.com.Win32.CrypterX-gen.4659.14211.exe
- Size
  
  793KB
- MD5
  
  aac2eddf05510e3d8d9950399d7a6240
- SHA1
  
  5622f050b0c3d4ffe9f0d97d040add905096dbbe
- SHA256
  
  c203ce634a1d32ea10fbc654272e1a1e4aaf253a9fc45cc4204c695bab93364b
- SHA512
  
  2c79779a9fad6f64bce195f09ddc9e9a12e647ba10636a0948cadfb1f1c3ad18f06427b8afa4a7edf2c0d39efa0e9afceff8ef86b6bcee424b2f766b462fb7f8
- SSDEEP
  
  12288:hfnM0d31mZ+3fWw2svBd6mdyAh3VH5Jx3hozsxlNt8JJEVk0CAccX3eY2aI2OJiR:hfhlmZ+3/6mEArH5HHSQDI2O8p
Score

10^/10

persistence
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2