57fc6db0df25bde1c562461f02760e9431fa3ed31212406313458a8392dc6859 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GT743.7z
Size

14.1MB
Sample

240825-wdvahswekc
MD5

a93d9cc42310a673374ba982bd1b8999
SHA1

a33f91ef44cdc246b8438e021ca69d6488cfefc9
SHA256

57fc6db0df25bde1c562461f02760e9431fa3ed31212406313458a8392dc6859
SHA512

27b19cbe134662da9f65e134cfa5c67bb8f1e2d6e8f2fe95684f1b405bd8047e15e9e3fce4381fb283dff4c5225701d6f611e493c1199434af8123625770de31
SSDEEP

393216:Z3N8qJdZfS41Nvqiyu9Yjk507EU860G6mGGKtQTVHZZfZIGRbA/qWhK:tN8qJdZfaizUk507UbmBK+TDZNRbp

Score

6^/10

discovery

Malware Config

Targets

- Target
  
  File.exe
- Size
  
  780.0MB
- MD5
  
  4fdc988b81c5abf8eef7f40b65ca39d7
- SHA1
  
  55104a5975aefd3c0bf1018947286aff9e079eed
- SHA256
  
  0517c0966212689dd31096eae261fd6014e495c43d91fa2df72eb989ff3bd00b
- SHA512
  
  24d2186164c8bbc3bd28de17974ae64b68b7c7baef16abdfd18c1a47dc987ffc62c9c7294202cec87564ccb0a6ef5201efa244873cebb4f5d55e979c5853143a
- SSDEEP
  
  196608:mvH83m8Nq9jzrGpdg47mWrB0W//nO6UOO:mkW8QjGwSmWKWnOO
Score

6^/10

discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3