b74265ebe4c336743c7864396061dc11ccc14fa3b06a9e3808ab6abbb457c629 | Triage

Sharing

General

Target

a1s-root1=email_banfield_2024_05_28_19_API-4Vphnf60QLz18Glc-2024-05-28T19_06_30.eml.infected
Size

22KB
Sample

240528-yj75nshg4z
MD5

f1f4f17d44c0a843c8ad498c535fa6a2
SHA1

20490a6ac8c30ade607b32e45ed231883e143fbf
SHA256

b74265ebe4c336743c7864396061dc11ccc14fa3b06a9e3808ab6abbb457c629
SHA512

488b12dea636b1e793931635a2908093f84781dedc1e666ab10e1595c32b55b4d01ec53686db300b0eebb69b43c6c559e7bc961084213dffae73c16c8a56bf29
SSDEEP

384:Fl3IjaeGz+kayLXN7xDCu4K3IJIaerSp+0C5hiY/kpI3e9jNEB0dEQUNQ8Jr:sAF09JY/x3ecB0RIJr

Score

6^/10

Malware Config

Targets

- Target
  
  attachment-1
- Size
  
  455B
- MD5
  
  61d1d910a03a4b8892a69e00b103263b
- SHA1
  
  4cb454b78f473821bb8e43b62f35856036358df6
- SHA256
  
  ac5dd3f8d68e1c5be4b5c0b67dbab7d97dbd0fb94816700af4c1f2c12b08d653
- SHA512
  
  2faab5cc24b0a476162413004ba378343f77d1f6921a76b22f4f25eedb38843c70f2b7ae3cbf35508cd79a49ff7d9582474f16f4b51d6677f2eaa7ccb3303f3f
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2