2cc5f31570047becc5e77581e2f640afba8d6904c6be61105603d60d01c181d0

Analysis

max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 03:05

Target

25b01b6f282806ad99486c3d072e5bfd.exe
Size

9.1MB
MD5

25b01b6f282806ad99486c3d072e5bfd
SHA1

c2ab46c1a27ecf22dcf17cffca96ae2ff56db740
SHA256

2cc5f31570047becc5e77581e2f640afba8d6904c6be61105603d60d01c181d0
SHA512

b35a0a8966a90919ead835eef4a563ff79e70eeab92ac2ef2139b7e939a5e8c6ee8177e2fdee515a7230c1806d52251de4d92d9090b657f0654831c7fde662de
SSDEEP

196608:PvlQF2xHG9mT5kszFw1d4zZkxaZzDaC0b8LP3gt8lKKVURWw/RNKE5N:3l02g9E5kszq4zZqwzD30biPwIK144RT

Score

6^/10

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
13	ip-api.com

Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact