88fc2f8eb9c8bcd55aac25400b1ade16ca86b67ac26dcfbbc48fe0dddec0596c | Triage

Sharing

General

Target

88fc2f8eb9c8bcd55aac25400b1ade16ca86b67ac26dcfbbc48fe0dddec0596c
Size

4.7MB
Sample

240816-2seq9swanq
MD5

3ed2333986c7d9012d1c7f8a7cfad93b
SHA1

92d6b57a189b8b3bb5901276ecf4b7acd0b15d49
SHA256

88fc2f8eb9c8bcd55aac25400b1ade16ca86b67ac26dcfbbc48fe0dddec0596c
SHA512

6351f752ed3e7dcf5f1e2e51e732077bae46ab2b66f8941b68559523f45b05a1e5dc467b832f1294c333e56f892abf23fdce37b38e579fd7da47f733ecad0b76
SSDEEP

49152:qJkvJrYhZdQ6wxU7egfzI6RvCX9Y4ajiBvpt6EbmDHVEwDne4jt5E9kh33GTPA3K:bih0o5K94itNOxnE9khcI3Fk

Score

8^/10

defense_evasion discovery execution

Malware Config

Targets

- Target
  
  88fc2f8eb9c8bcd55aac25400b1ade16ca86b67ac26dcfbbc48fe0dddec0596c
- Size
  
  4.7MB
- MD5
  
  3ed2333986c7d9012d1c7f8a7cfad93b
- SHA1
  
  92d6b57a189b8b3bb5901276ecf4b7acd0b15d49
- SHA256
  
  88fc2f8eb9c8bcd55aac25400b1ade16ca86b67ac26dcfbbc48fe0dddec0596c
- SHA512
  
  6351f752ed3e7dcf5f1e2e51e732077bae46ab2b66f8941b68559523f45b05a1e5dc467b832f1294c333e56f892abf23fdce37b38e579fd7da47f733ecad0b76
- SSDEEP
  
  49152:qJkvJrYhZdQ6wxU7egfzI6RvCX9Y4ajiBvpt6EbmDHVEwDne4jt5E9kh33GTPA3K:bih0o5K94itNOxnE9khcI3Fk
Score

8^/10

defense_evasion discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecution

behavioral2

defense_evasiondiscoveryexecution