eee761a6932c45c52e7ca0a901eee84191846058ddfb1973ea850400640808f6 | Triage

Sharing

General

Target

unnamed 1_1.0.1.0.vir
Size

688KB
Sample

200719-8e9ywjxzl2
MD5

01b86c6bdbe6272b7d12b677d6aadbb5
SHA1

23ac6317ee5aba4b9274316aa90bc869127ab30b
SHA256

eee761a6932c45c52e7ca0a901eee84191846058ddfb1973ea850400640808f6
SHA512

2dd48f3d0217a58a26f470cdb2d713350823b3a5ec633bb27617dad9cbe04a3bc472213a43615f12e6b879e32a02213e924bbfb4ff6f455a544d789746eac4c4

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  unnamed 1_1.0.1.0.vir
- Size
  
  688KB
- MD5
  
  01b86c6bdbe6272b7d12b677d6aadbb5
- SHA1
  
  23ac6317ee5aba4b9274316aa90bc869127ab30b
- SHA256
  
  eee761a6932c45c52e7ca0a901eee84191846058ddfb1973ea850400640808f6
- SHA512
  
  2dd48f3d0217a58a26f470cdb2d713350823b3a5ec633bb27617dad9cbe04a3bc472213a43615f12e6b879e32a02213e924bbfb4ff6f455a544d789746eac4c4
Score

8^/10

persistence
- Blacklisted process makes network request
- Deletes itself
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2