a118bad62d2047fe8e2ad0cdb3aee9dd0be8daabd287e72e057531675feec3e8 | Triage

Sharing

General

Target

SecuriteInfo.com.FileRepMalware.30879.27903
Size

873KB
Sample

230823-bw4xfsad5s
MD5

caf76701dede999bd732180bfeb903d6
SHA1

9dc98f3c210b2b78381db8fb343b38383868f4e8
SHA256

a118bad62d2047fe8e2ad0cdb3aee9dd0be8daabd287e72e057531675feec3e8
SHA512

5263960477620ba81c5f8cdc9cb9961127074b1d80b1581d43a0079e85f543c1fb0230b1f31ce4e366f7d8878882ecd28b8ad89f075d4dc497899465100d716a
SSDEEP

12288:YZCeC1AgCsu2UL5Jb2k6woR6DSsijzmv4TsdqyL7W2NYpK/kumpP68rL9Um:AhC1yXLvR6wYsGzO/ahK/kumpP68rSm

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  SecuriteInfo.com.FileRepMalware.30879.27903
- Size
  
  873KB
- MD5
  
  caf76701dede999bd732180bfeb903d6
- SHA1
  
  9dc98f3c210b2b78381db8fb343b38383868f4e8
- SHA256
  
  a118bad62d2047fe8e2ad0cdb3aee9dd0be8daabd287e72e057531675feec3e8
- SHA512
  
  5263960477620ba81c5f8cdc9cb9961127074b1d80b1581d43a0079e85f543c1fb0230b1f31ce4e366f7d8878882ecd28b8ad89f075d4dc497899465100d716a
- SSDEEP
  
  12288:YZCeC1AgCsu2UL5Jb2k6woR6DSsijzmv4TsdqyL7W2NYpK/kumpP68rL9Um:AhC1yXLvR6wYsGzO/ahK/kumpP68rSm
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2