1c8d4cb6601e1ababf408445e8fae0abb75e0f483c37e888c3d35f426f2383b5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e3784db49544dca148dfc60004578da6.bin
Size

9KB
Sample

230823-cfjr1saf2z
MD5

62e181174dff084e78f37a55c90b5420
SHA1

d2f26ccbb9dcda0ba54596526e442c6c300ef596
SHA256

1c8d4cb6601e1ababf408445e8fae0abb75e0f483c37e888c3d35f426f2383b5
SHA512

cd99fcfc63d288fc0d17727756ae5a983e5dd8eae66addd4a176fc7e11e8a2de560df93fe38c5427b85b61cfd89a64af22558a6f3a1d05d8e858655c23068013
SSDEEP

192:JT7cbP64QL7GAfVRwGKLjPEnQtq4mFL2k4kSsxUThk:1sPnT6rwGwPDhmN2k0T1k

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  2627e96c1ea96adf04b4709b5cdb2fe6b9cd9b82ff959cdde4e61a4acb9cbf4d.exe
- Size
  
  17KB
- MD5
  
  e3784db49544dca148dfc60004578da6
- SHA1
  
  046e167ad1e2908974946bd61ea96b8361090a79
- SHA256
  
  2627e96c1ea96adf04b4709b5cdb2fe6b9cd9b82ff959cdde4e61a4acb9cbf4d
- SHA512
  
  f87a67da8d683b2be2b66c0e43e580c90f644b35c38945c1f9a42027fa3ddb816877313fbd7e5d827b971b6dd3536f0541ea40984ebe896a2cdb66fc0200f86d
- SSDEEP
  
  384:txClkRSuWfTlAuihndj/fLC/RHfIbfI3uk/QaaslwCz:Xa7lAuCRbC/R/IqCCz
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2