Overview

overview

6

Static

static

FIRM ORDER...MH.exe

windows7_x64

6

FIRM ORDER...MH.exe

windows10_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FIRM ORDER # 2020-1-32410 21981XMH.lzh

  • Size

    1.1MB

  • Sample

    200707-8m6xdyrdxx

  • MD5

    f3b9a9d6e1e5483b541f0a7bc6b5cb87

  • SHA1

    a83c380601a10c0b7f3b843d9174f0631cc9e8f6

  • SHA256

    8bf871d77503944f04612b7ba14be181e46c0333754aea49927538e1cd597a17

  • SHA512

    587f6118d782f2209e6f1b158acacf9995552f067026bcb4748657acd25b5cf28f9a7fc71e5bc14b5654dd663aad237703c23486c980337d29b5c1dd089cafd0

Score
6/10
persistence

Malware Config

Targets

    • Target

      FIRM ORDER # 2020-1-32410 21981XMH.exe

    • Size

      1.8MB

    • MD5

      3349ba62142880bbe6e35dd4a9be5981

    • SHA1

      f53307dd3ea7e7dfeba1dbd6aa33ffabb3aed628

    • SHA256

      fae5d87e8771f0025e306697f68afe511275e9772af23dfd081ffbfc0b56f38d

    • SHA512

      1dad489fe6ef0d0f99358be688885e10ce2d178b675300e51eff3b169b9952c36e74868d5c8e77388c1ec2c7af895b10e65f21489416caa89de59e746b0a8c37

    Score
    6/10
    persistence

    • Adds Run entry to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks