f1ed2ef31e620eaf520289a8ddf894de9b97dec7f05de5ff7841c5cc3647133f | Triage

Sharing

General

Target

f1ed2ef31e620eaf520289a8ddf894de9b97dec7f05de5ff7841c5cc3647133f.exe
Size

68.2MB
Sample

241119-qhvh7awemg
MD5

0aa16448350af6191bc2640eb7ee065f
SHA1

3369c07295be33a6cae2ae3e0d27613484cb2b1a
SHA256

f1ed2ef31e620eaf520289a8ddf894de9b97dec7f05de5ff7841c5cc3647133f
SHA512

ff6f42f28fc272c3fffcc3881869c2a2c14f6c98e9b9b4abc41f5b509e24fe4130c0ad67e426a27f27fa386b8774a3f629ffbbc456d8c1273914b6323544a702
SSDEEP

393216:QeO5SoCqeodARSqJP1bmrdO9QNQMdrVFSBdMvfqee4e6yWmFWk:QeOPeCqJ1mZO98Q6rVFSBdMHqee4eb

Score

7^/10

discovery execution persistence privilege_escalation

Malware Config

Targets

- Target
  
  f1ed2ef31e620eaf520289a8ddf894de9b97dec7f05de5ff7841c5cc3647133f.exe
- Size
  
  68.2MB
- MD5
  
  0aa16448350af6191bc2640eb7ee065f
- SHA1
  
  3369c07295be33a6cae2ae3e0d27613484cb2b1a
- SHA256
  
  f1ed2ef31e620eaf520289a8ddf894de9b97dec7f05de5ff7841c5cc3647133f
- SHA512
  
  ff6f42f28fc272c3fffcc3881869c2a2c14f6c98e9b9b4abc41f5b509e24fe4130c0ad67e426a27f27fa386b8774a3f629ffbbc456d8c1273914b6323544a702
- SSDEEP
  
  393216:QeO5SoCqeodARSqJP1bmrdO9QNQMdrVFSBdMvfqee4e6yWmFWk:QeOPeCqJ1mZO98Q6rVFSBdMHqee4eb
Score

7^/10

discovery execution persistence privilege_escalation
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexecutionpersistenceprivilege_escalation