72b2ae05b10fd711e5a5f8cb2e241bc373db84b4fcbd420934d96c6fbe2a7941 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0caa772186814dbf84856293f102c7538980bcd31b70c1836be236e9fa05c48d.zip
Size

4.1MB
Sample

240325-yj6a3sbc5t
MD5

9d675dbf3d3f9d3f5b25fe92590bf176
SHA1

1bbefce7e456e144c1bf078b6b11d0a225d8a294
SHA256

72b2ae05b10fd711e5a5f8cb2e241bc373db84b4fcbd420934d96c6fbe2a7941
SHA512

570e568a7af465d790d81eab614f432abddf80d56cc397c893d1fd068204142f54b10f332b4778888407d04fcf11c43e8e333623172186a60ecc49a3837bd729
SSDEEP

98304:J5M7D8gqUSD9P3bQC8AKTFeOhQ1ZSgOKd5vTsN:uDwhD9P30C8AKTIOhW3/u

Score

7^/10

pyinstaller

Malware Config

Targets

- Target
  
  0caa772186814dbf84856293f102c7538980bcd31b70c1836be236e9fa05c48d.exe
- Size
  
  12.6MB
- MD5
  
  037b72bd0844cb2ce886cd6442c03694
- SHA1
  
  242a11ac80b1370801169997fbf6265a412e61ec
- SHA256
  
  0caa772186814dbf84856293f102c7538980bcd31b70c1836be236e9fa05c48d
- SHA512
  
  a4ee635a38a3f781a6d8b4994eed2f3ba2102ce3085615914f6a8148bdd9351878dfa20fd11ba65379b9d7670b8d4246ac0083237318120a70a7ec6a841813e2
- SSDEEP
  
  98304:lS949otHsw/xmF4EMz5YA8/cwumyz5E/qfOeXtOqmSr2fvYFgaH3e:E2OtHswYxMHzq7v
Score

7^/10

pyinstaller
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2