4fea18aee48fd4d66ae2e5dbe22107b1fcf815e7c90364f86e0ef3ba62ea8dea | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RubyNightV2.exe
Size

176KB
Sample

241018-hwqs6awerq
MD5

c4876f9ff3f9efe47b50ece9919f0155
SHA1

5293e39bd6c8f936e4be5ecda3d2efd26bf950fd
SHA256

4fea18aee48fd4d66ae2e5dbe22107b1fcf815e7c90364f86e0ef3ba62ea8dea
SHA512

0799c08ed3ef2d20c07edd3d74b2c6030f3282fe817cf9e097d42b24242e491565f7ef2450ea3219c8f45ab15fd3fc944c633da4f4dc2d0eeccfa55dc8eb4428
SSDEEP

3072:SMobR7ezAjLOZvmX1ds5GWp1icKAArDZz4N9GhbkrNEk1e2f3Lzw:veR7eammOp0yN90QEk3/

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  RubyNightV2.exe
- Size
  
  176KB
- MD5
  
  c4876f9ff3f9efe47b50ece9919f0155
- SHA1
  
  5293e39bd6c8f936e4be5ecda3d2efd26bf950fd
- SHA256
  
  4fea18aee48fd4d66ae2e5dbe22107b1fcf815e7c90364f86e0ef3ba62ea8dea
- SHA512
  
  0799c08ed3ef2d20c07edd3d74b2c6030f3282fe817cf9e097d42b24242e491565f7ef2450ea3219c8f45ab15fd3fc944c633da4f4dc2d0eeccfa55dc8eb4428
- SSDEEP
  
  3072:SMobR7ezAjLOZvmX1ds5GWp1icKAArDZz4N9GhbkrNEk1e2f3Lzw:veR7eammOp0yN90QEk3/
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1