General

  • Target

    af3a50a137967ab56f4b1982abbf88c6.exe

  • Size

    312KB

  • Sample

    200707-94c2fjmz2s

  • MD5

    af3a50a137967ab56f4b1982abbf88c6

  • SHA1

    2e2a6a76111abf0c08e00c6d064b4a3e76d06953

  • SHA256

    f4a1a9d78555e5162dd5aebe870aea13af3a8151d031a6221e5340775457ab8a

  • SHA512

    5e5eefcb934ef033fe7a8dc71039e22966b77483055569c9cb1104010fd372d72ed611d0d80dcb2c4b048c2642e241dd6c219150513e22af11fb8541d621275e

Score
8/10

Malware Config

Targets

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique        #   ID
  Execution             Scheduled Task   1   T1053
  Persistence           Scheduled Task   1   T1053
  Privilege Escalation  Scheduled Task   1   T1053
  Command and Control   Web Service      1   T1102

Tasks