04cd12393aa1e04aaca2f1f05a0da8ea1b0003a01a66dfc863991034f836f45a | Triage

Resubmissions

04/10/2024, 00:45

241004-a36h7avgkl 10

03/10/2024, 22:30

241003-2eyl8azfqj 6

Sharing

General

Target

04cd12393aa1e04aaca2f1f05a0da8ea1b0003a01a66dfc863991034f836f45a
Size

1.9MB
Sample

241003-2eyl8azfqj
MD5

a00b2cfa83db42323e19d954710c74e1
SHA1

d24e3546f6b758d64c86e7ac48f422ed97ea729a
SHA256

04cd12393aa1e04aaca2f1f05a0da8ea1b0003a01a66dfc863991034f836f45a
SHA512

cd3d85d24ef07771df20218e7e8743777156151436e58c029a3c89f804c3bbb477dc18fed67f1f5e97d3c5c31522fb673a1a109e47859f683ed7cc600067ec6a
SSDEEP

49152:qvnMlvvvqFI3rUUan7yeCz3i96K0nLAcR3YmPXHXcK:64vWI3rJa7yeCzjDnUcRImPXHr

Score

6^/10

discovery

Malware Config

Targets

- Target
  
  04cd12393aa1e04aaca2f1f05a0da8ea1b0003a01a66dfc863991034f836f45a
- Size
  
  1.9MB
- MD5
  
  a00b2cfa83db42323e19d954710c74e1
- SHA1
  
  d24e3546f6b758d64c86e7ac48f422ed97ea729a
- SHA256
  
  04cd12393aa1e04aaca2f1f05a0da8ea1b0003a01a66dfc863991034f836f45a
- SHA512
  
  cd3d85d24ef07771df20218e7e8743777156151436e58c029a3c89f804c3bbb477dc18fed67f1f5e97d3c5c31522fb673a1a109e47859f683ed7cc600067ec6a
- SSDEEP
  
  49152:qvnMlvvvqFI3rUUan7yeCz3i96K0nLAcR3YmPXHXcK:64vWI3rJa7yeCzjDnUcRImPXHr
Score

6^/10

discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2