f0aafbf531e08a0d1370d74e1a908a465613f27017a48dd6110424028c1bb737 | Triage

Sharing

General

Target

f0aafbf531e08a0d1370d74e1a908a465613f27017a48dd6110424028c1bb737.exe
Size

24.9MB
Sample

240726-hm64saselp
MD5

7746635b26b9399419bd5542b2770dbc
SHA1

05e5b7a753a081e3a929af934901896fbf55ec4c
SHA256

f0aafbf531e08a0d1370d74e1a908a465613f27017a48dd6110424028c1bb737
SHA512

e7a340372721c836e70b00274e2e25312adb97f6c014c6d49da92cd41dbc91e5b374a45b4e7e9def68ecab860504cd2e0b8ca5ab7d2ed0cdc01249204d795a61
SSDEEP

786432:2Dchya9CQ+pjF28WRdEWoSBOLBj3epdgx:achZ2jFradElLw

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  f0aafbf531e08a0d1370d74e1a908a465613f27017a48dd6110424028c1bb737.exe
- Size
  
  24.9MB
- MD5
  
  7746635b26b9399419bd5542b2770dbc
- SHA1
  
  05e5b7a753a081e3a929af934901896fbf55ec4c
- SHA256
  
  f0aafbf531e08a0d1370d74e1a908a465613f27017a48dd6110424028c1bb737
- SHA512
  
  e7a340372721c836e70b00274e2e25312adb97f6c014c6d49da92cd41dbc91e5b374a45b4e7e9def68ecab860504cd2e0b8ca5ab7d2ed0cdc01249204d795a61
- SSDEEP
  
  786432:2Dchya9CQ+pjF28WRdEWoSBOLBj3epdgx:achZ2jFradElLw
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence