c88cfb9461d9a438841277f1f31ef0da15d18eaedea9f76ee7c5f47b0c0c1331 | Triage

Sharing

General

Target

4192844c08997d6e198c0511821d0b6cdf8c87aa94cb0b2cd249c114e2c75bb6.zip
Size

4KB
Sample

240727-bva8raxhnk
MD5

a1bbf2c1057c90c8e5779b54649ef44d
SHA1

eff329595ade28a7702e3dee672ac6bc114c6d27
SHA256

c88cfb9461d9a438841277f1f31ef0da15d18eaedea9f76ee7c5f47b0c0c1331
SHA512

4d7292a2694cdbc680c1a5c7b02078d3b5296be7b80b5b7dd1aaf0d62dfe8e3b08831fddca4ff42c61d86f0523bf8ad6b60bf47793276b9bcdd691e8c07ff14e
SSDEEP

96:hPh0q/u/bhGaeqyHCc9+RPoYkUah+MaunARR4gILETjBi19HIhv:Uq/uzwGyhYkFnauAj4gIghim

Score

8^/10

execution

Malware Config

Targets

- Target
  
  4192844c08997d6e198c0511821d0b6cdf8c87aa94cb0b2cd249c114e2c75bb6
- Size
  
  13KB
- MD5
  
  a606f0949c8ad1e0d876065b01e35804
- SHA1
  
  6fc403af8db1a17d32fb593053051992d3aafdb8
- SHA256
  
  4192844c08997d6e198c0511821d0b6cdf8c87aa94cb0b2cd249c114e2c75bb6
- SHA512
  
  22b382871d50a907e434db6bdaf35e317a244f15b73eb8b21cdf9b9e64289815644e649f317307bd536798ce04939f0c88192bf8a08697acaaf8cbc2e76275a0
- SSDEEP
  
  192:KDe1PqAEUWuLAmMxWZtnYGrG4QI9ayRE5F1gl7K8RKctctdPnK0Z6GnYvbViWERD:EeVSwAp4Ztp7QI95yF1aarPnKZBTO
Score

8^/10

execution
- Blocklisted process makes network request
- Deletes itself
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2