9606b7c2a76c2f70134ffba266ff8d1f62df336ed149fe28bb85bf230fa22314 | Triage

Sharing

General

Target

unnamed 1_1.0.0.0.vir
Size

682KB
Sample

200719-y79eszqxqa
MD5

5e6a19522ec875d8920fb28757e463e9
SHA1

72cb35a09f25aba6a9aca0989058ca0ae7f4b8dd
SHA256

9606b7c2a76c2f70134ffba266ff8d1f62df336ed149fe28bb85bf230fa22314
SHA512

93103fbd1cd59c379e8498b10c31da91f2446254b4d0930889143670f68d0ae3c2ff180c751548ef8909f4db4063c35d2dddb0927e792fbd31d76c400fa609e1

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  unnamed 1_1.0.0.0.vir
- Size
  
  682KB
- MD5
  
  5e6a19522ec875d8920fb28757e463e9
- SHA1
  
  72cb35a09f25aba6a9aca0989058ca0ae7f4b8dd
- SHA256
  
  9606b7c2a76c2f70134ffba266ff8d1f62df336ed149fe28bb85bf230fa22314
- SHA512
  
  93103fbd1cd59c379e8498b10c31da91f2446254b4d0930889143670f68d0ae3c2ff180c751548ef8909f4db4063c35d2dddb0927e792fbd31d76c400fa609e1
Score

8^/10

persistence
- Blacklisted process makes network request
- Deletes itself
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2