130fada653adac3394365a2d58923856d2e8248b7ef1da69d1063b24d9671804 | Triage

Sharing

General

Target

yes.exe
Size

70.2MB
Sample

240525-ra7dfsfe29
MD5

9cfa926a1e7828266b7f75ae8c23f096
SHA1

4c8755cad0e1415d8df762e5942582ccdcfbc4ea
SHA256

130fada653adac3394365a2d58923856d2e8248b7ef1da69d1063b24d9671804
SHA512

f232181e8ee3b5ae3cdcddaff3729624e83c7940233903da997a23e6ed7ba8fe51e35bb507b3b52fa74699d08a561652cf6f9597b63e68d6aa57f2bc1db1b11e
SSDEEP

1572864:lYQtvpXFP/V4f6Gj53ikjt4jRq2GqFOPV58W+eHU2qHWB75izWm/mlWA2zSJ9gQ:C6t/VG6RmtCRlGPrXk2qHO5iqzv2GJ9g

Score

7^/10

persistence pyinstaller

Malware Config

Targets

- Target
  
  yes.exe
- Size
  
  70.2MB
- MD5
  
  9cfa926a1e7828266b7f75ae8c23f096
- SHA1
  
  4c8755cad0e1415d8df762e5942582ccdcfbc4ea
- SHA256
  
  130fada653adac3394365a2d58923856d2e8248b7ef1da69d1063b24d9671804
- SHA512
  
  f232181e8ee3b5ae3cdcddaff3729624e83c7940233903da997a23e6ed7ba8fe51e35bb507b3b52fa74699d08a561652cf6f9597b63e68d6aa57f2bc1db1b11e
- SSDEEP
  
  1572864:lYQtvpXFP/V4f6Gj53ikjt4jRq2GqFOPV58W+eHU2qHWB75izWm/mlWA2zSJ9gQ:C6t/VG6RmtCRlGPrXk2qHO5iqzv2GJ9g
Score

7^/10

persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2