16512770eb74b8a655e747a260302126936ca1d426ed79d9fd7aadd371317579 | Triage

Sharing

General

Target

killer.exe
Size

166KB
Sample

240720-281zfa1gqr
MD5

7b3a7907f0489945935bd78d6a8c8df7
SHA1

09baf051a0fcbfec678f5962678ef1041d06b325
SHA256

16512770eb74b8a655e747a260302126936ca1d426ed79d9fd7aadd371317579
SHA512

c6da2f2d19b1f195ba738b619daf0db54d1384678c2b97a13760f6e72315b10dfe0eed228b0a777e2ba7e487306a400d202d48b16271c5880e2e4ad6030f5082
SSDEEP

3072:oahKyd2n3175GWp1icKAArDZz4N9GhbkrNEk+5fJ3qa1qtzF:oahOTp0yN90QE0

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  killer.exe
- Size
  
  166KB
- MD5
  
  7b3a7907f0489945935bd78d6a8c8df7
- SHA1
  
  09baf051a0fcbfec678f5962678ef1041d06b325
- SHA256
  
  16512770eb74b8a655e747a260302126936ca1d426ed79d9fd7aadd371317579
- SHA512
  
  c6da2f2d19b1f195ba738b619daf0db54d1384678c2b97a13760f6e72315b10dfe0eed228b0a777e2ba7e487306a400d202d48b16271c5880e2e4ad6030f5082
- SSDEEP
  
  3072:oahKyd2n3175GWp1icKAArDZz4N9GhbkrNEk+5fJ3qa1qtzF:oahOTp0yN90QE0
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1