5cf28d1b370198e76b06cf7859538feaf3cad073966e38f8573318e1b2259d2c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

winapi.exe
Size

9.5MB
Sample

240614-x6rkrswhrl
MD5

7a2ec7f48de7045598e84d9a6c0d7917
SHA1

aad1bf2653923b3ace31ea30a0a1550889be2c4b
SHA256

5cf28d1b370198e76b06cf7859538feaf3cad073966e38f8573318e1b2259d2c
SHA512

83f4a79badaac8e2b627f39d1dc98a5a515ed0fa090dd21b6f79b37560e33a0e0835e0b4211e2d51cb6184a0a99b08cb8406674abb8c9ad51709dcac4741aac9
SSDEEP

98304:9V5Y4P6vQBpwXgOlx8UJEZMFzEMaMFQvpI3:WW6vQ8d8UJE+FgMKpI3

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  winapi.exe
- Size
  
  9.5MB
- MD5
  
  7a2ec7f48de7045598e84d9a6c0d7917
- SHA1
  
  aad1bf2653923b3ace31ea30a0a1550889be2c4b
- SHA256
  
  5cf28d1b370198e76b06cf7859538feaf3cad073966e38f8573318e1b2259d2c
- SHA512
  
  83f4a79badaac8e2b627f39d1dc98a5a515ed0fa090dd21b6f79b37560e33a0e0835e0b4211e2d51cb6184a0a99b08cb8406674abb8c9ad51709dcac4741aac9
- SSDEEP
  
  98304:9V5Y4P6vQBpwXgOlx8UJEZMFzEMaMFQvpI3:WW6vQ8d8UJE+FgMKpI3
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1