88c1b0cd97bad80a516aa2ee8e45753a69e2b791aca7f665f32bd6b5c38db1b5 | Triage

Resubmissions

25-08-2024 20:46

240825-zkkanstgqe 10

25-08-2024 20:43

240825-zhyqaavhpr 8

Sharing

General

Target

TMP48CC.tmp
Size

10.6MB
Sample

240825-zhyqaavhpr
MD5

f7a5f232f46b726be8c59c12292fe6ad
SHA1

0a258a105aa343dee4ee96fdb8d8c13f67f83969
SHA256

88c1b0cd97bad80a516aa2ee8e45753a69e2b791aca7f665f32bd6b5c38db1b5
SHA512

243a83037e96c4f56e6def22697075122ccf02bac33291501484209b2319c8bc5690002c48e176d567147d135f698394f4ad7c9468068fe08ba54098385ab420
SSDEEP

196608:9iKqc9NYeYcWuB8KIuW4Drp0dhCed8s4VNvLRMQ3aRmf:Wc9XTWuN/qdcFj7jt3V

Score

8^/10

Malware Config

Targets

- Target
  
  TMP48CC.tmp
- Size
  
  10.6MB
- MD5
  
  f7a5f232f46b726be8c59c12292fe6ad
- SHA1
  
  0a258a105aa343dee4ee96fdb8d8c13f67f83969
- SHA256
  
  88c1b0cd97bad80a516aa2ee8e45753a69e2b791aca7f665f32bd6b5c38db1b5
- SHA512
  
  243a83037e96c4f56e6def22697075122ccf02bac33291501484209b2319c8bc5690002c48e176d567147d135f698394f4ad7c9468068fe08ba54098385ab420
- SSDEEP
  
  196608:9iKqc9NYeYcWuB8KIuW4Drp0dhCed8s4VNvLRMQ3aRmf:Wc9XTWuN/qdcFj7jt3V
Score

8^/10
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2