c3351ed578a3325f636754f94edb717f8a43b995fc4bd9b1c17b7ec5268ae542 | Triage

Resubmissions

01/05/2024, 00:31

240501-at4m8sdd56 7

01/05/2024, 00:25

240501-aqk2qadc88 7

Sharing

Copy URL Twitter E-mail

General

Target

Obligacion_esFiscal_esCKIMNQFMzpciIDUUIGKT.zip
Size

2.1MB
Sample

240501-at4m8sdd56
MD5

78e95b86596359e7cb118786a09ce141
SHA1

92ead9088c8c3d1f54b1e58205d82b6d160637b3
SHA256

c3351ed578a3325f636754f94edb717f8a43b995fc4bd9b1c17b7ec5268ae542
SHA512

65ee7b286c41d21231bc1e698c1b65168bb7b635004e979d628c2d5c41fc02a17e7926982a1f8b048fc37647fccad10fb19d4d60d64a03552d9b118e674dee69
SSDEEP

49152:Lz+rqVfWV7iok0OnbXzqkTxR4otqv4ENBdCgH4Tm7n4SUo:mrqVwI00OkTx2ot/AmgYCn4SUo

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Decla-raciones_IV_AZIXQcoogYRZYBRNABTSY.exe
- Size
  
  120.0MB
- MD5
  
  ca7b46f51ea90bc466e25a279ff5e884
- SHA1
  
  fbc256ab0d9868bd56d901570b3840825587dc1d
- SHA256
  
  e57557ad3aa52759f749420e21a48dcfa0879fe55fe2d4ff9dd686e846c73ddc
- SHA512
  
  08204efe85cd85f69081397b5fe87452ba6775b3299ce55f3f6267895ae91c33c5f9e2d01a389f9e9af2b92105fd643d7d09cfc42582f3d2a22aad1e3fe25244
- SSDEEP
  
  49152:dGyB1AmsirHouaOyPJDSImjVJnlkPU3xHYT/dEhYkmDdx92vZd8IcoJylfqJOlxK:wklJoub1ZHo/dRLcvZd8XoJylfqglb
Score

7^/10

persistence
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~UIYL8921fizf.xml
- Size
  
  16KB
- MD5
  
  281540d1f8212b1f227f35856e662d83
- SHA1
  
  1aba890ba43946b09bd18e6a3e54e7a414898220
- SHA256
  
  4f21a077f3bf918c1e0efe33cc5288bb4c6b3d0ee36be045fba9f9d5691cd6d2
- SHA512
  
  bdf777151fc767bf87dcb32534fb90da49b0ae10a21778fecf58cd25c73d4aa8404ddf2e3931abefc2d7d848f5ea182aa8e18dd1e78ad5c8f6b56d0672946777
- SSDEEP
  
  192:nxStOsfWdRLVWoWxly7wRTEHnhWgN7a0Wn9yKDUX01k9z3A0WB/hJsV:nkt7WdRLVWL/NEHRN7jpR9zfwhJsV
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2