eb33266599cc32765ba1ae23507ff01615dd7fccbd153670a37d73a7514613f6 | Triage

Sharing

General

Target

e0ae6b6cfd6544a02517e91b74bda9d5cb98674dc04609743de012354c2cdf22.zip
Size

35KB
Sample

240727-bt8gvsxhmp
MD5

d2f7d8476a54086b7becd6881ffdc532
SHA1

1f1c641b417ee955ac86a1c0648d022bd4610dfe
SHA256

eb33266599cc32765ba1ae23507ff01615dd7fccbd153670a37d73a7514613f6
SHA512

be335fa4c889209269a3491acaade6f01b7d63ae9376d6d502d3ce6d6e682f66bd7f061fded4bdcd6a3f0baa54d91b1d2e6e193628b145e68b0d773850bcd5b0
SSDEEP

768:o+MHOMHRIZvmQ9Qt2aaKyz2zMwTvoPv/86dAjn0dQENgtl:oubOQuthySQCAE6d8mQVl

Score

8^/10

execution

Malware Config

Targets

- Target
  
  e0ae6b6cfd6544a02517e91b74bda9d5cb98674dc04609743de012354c2cdf22
- Size
  
  280KB
- MD5
  
  f399d06a0d5c26fd36f86a7e2187535c
- SHA1
  
  4b55e3a9f2bfc28400097c0bff6a5904706d4833
- SHA256
  
  e0ae6b6cfd6544a02517e91b74bda9d5cb98674dc04609743de012354c2cdf22
- SHA512
  
  10e2cf703124f3048d76ba66736c14baa56052e603d53890f03d9eea47f4909c868bf3dcffdc0de5fb1bda5323c625f11eabdbae9b54f0b52668c5281bd13545
- SSDEEP
  
  1536:fQEjSvrxQrgoc7I5eFgk7OQdjdlYG76p/zIOO5YR:J2vtQrO7I5eFgk7OQd0g6p/NO5YR
Score

8^/10

execution
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2