a90ca15d3c601ae18f82601cfa311ff92405877087ff5566b365799ba05466eb | Triage

Resubmissions

05-11-2023 15:00

231105-sdsvxahf57 10

05-11-2023 14:58

231105-sb9qmsfg2v 7

Sharing

General

Target

danger.siski
Size

17.3MB
Sample

231105-sb9qmsfg2v
MD5

7aff5c8e1a98cda8d462565511a5bc2d
SHA1

4703377360e523fae14e0c09aa1a05af040ccc91
SHA256

a90ca15d3c601ae18f82601cfa311ff92405877087ff5566b365799ba05466eb
SHA512

bbbc8ccbc6a2fcea0949c4a27ac935310c4b6c8175521c4db0753c0e440c8d9eb58c99996f0bb5d42e02bbd4c6b4f21530abe43add04d58e89f35471f1db909f
SSDEEP

393216:7eYCTfyWo1HwlNwakK/Aze071Sxs9PHPN4s+Fhh1:bCDyWEHs3kv7Iy9Pe/

Score

7^/10

Malware Config

Targets

- Target
  
  danger.siski
- Size
  
  17.3MB
- MD5
  
  7aff5c8e1a98cda8d462565511a5bc2d
- SHA1
  
  4703377360e523fae14e0c09aa1a05af040ccc91
- SHA256
  
  a90ca15d3c601ae18f82601cfa311ff92405877087ff5566b365799ba05466eb
- SHA512
  
  bbbc8ccbc6a2fcea0949c4a27ac935310c4b6c8175521c4db0753c0e440c8d9eb58c99996f0bb5d42e02bbd4c6b4f21530abe43add04d58e89f35471f1db909f
- SSDEEP
  
  393216:7eYCTfyWo1HwlNwakK/Aze071Sxs9PHPN4s+Fhh1:bCDyWEHs3kv7Iy9Pe/
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3