7ea834bdbfdc2db2f82f18dcd3b7af5b6784b41e48edd85529b5499e9f66d147 | Triage

Sharing

General

Target

7ea834bdbfdc2db2f82f18dcd3b7af5b6784b41e48edd85529b5499e9f66d147.exe
Size

808KB
Sample

241121-gsfy4szemq
MD5

876c459a7c37025bb121972689062a4d
SHA1

21b6da939343431a533575194614ba6540b1c286
SHA256

7ea834bdbfdc2db2f82f18dcd3b7af5b6784b41e48edd85529b5499e9f66d147
SHA512

32d28fe0e69c3b58651a1a42e07b6ac3f13cf6b3720032f1912b815e5ca011afb7644ab0a1908952f8aa79546c276c13cac376eb4139a82768a29b510707eda5
SSDEEP

12288:P7ZFgZWUkdasXXLY42QF/xbMsQrvlP9Ia8GIbPYkAdwvLRPC6Oe73MFcj:DZFg4U+PX2mcIacPYkAevLRPJyG

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  7ea834bdbfdc2db2f82f18dcd3b7af5b6784b41e48edd85529b5499e9f66d147.exe
- Size
  
  808KB
- MD5
  
  876c459a7c37025bb121972689062a4d
- SHA1
  
  21b6da939343431a533575194614ba6540b1c286
- SHA256
  
  7ea834bdbfdc2db2f82f18dcd3b7af5b6784b41e48edd85529b5499e9f66d147
- SHA512
  
  32d28fe0e69c3b58651a1a42e07b6ac3f13cf6b3720032f1912b815e5ca011afb7644ab0a1908952f8aa79546c276c13cac376eb4139a82768a29b510707eda5
- SSDEEP
  
  12288:P7ZFgZWUkdasXXLY42QF/xbMsQrvlP9Ia8GIbPYkAdwvLRPC6Oe73MFcj:DZFg4U+PX2mcIacPYkAevLRPJyG
Score

8^/10

discovery execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

discoveryexecution