0f6cd4e8159b243b7de4a18711fc39624491759beccb01386438f52175aad4b1 | Triage

Sharing

General

Target

0f6cd4e8159b243b7de4a18711fc39624491759beccb01386438f52175aad4b1
Size

345KB
Sample

220604-s3s7zadch2
MD5

86c4c35439fd5cfe3aff15e8765e2050
SHA1

e12e37c922d5b97c055f5d82f1a6fa7db9ad3e66
SHA256

0f6cd4e8159b243b7de4a18711fc39624491759beccb01386438f52175aad4b1
SHA512

7858a9577ac4ce24d974914a2b25a7c2920c137bcc3dd2af91846bf618c85c6cff57d84a8e26a2840e48b23412ad5c41482a133c22d1958f7ccd674eadd5bd84

Score

10^/10

persistence suricata

Malware Config

Targets

- Target
  
  0f6cd4e8159b243b7de4a18711fc39624491759beccb01386438f52175aad4b1
- Size
  
  345KB
- MD5
  
  86c4c35439fd5cfe3aff15e8765e2050
- SHA1
  
  e12e37c922d5b97c055f5d82f1a6fa7db9ad3e66
- SHA256
  
  0f6cd4e8159b243b7de4a18711fc39624491759beccb01386438f52175aad4b1
- SHA512
  
  7858a9577ac4ce24d974914a2b25a7c2920c137bcc3dd2af91846bf618c85c6cff57d84a8e26a2840e48b23412ad5c41482a133c22d1958f7ccd674eadd5bd84
Score

10^/10

persistence suricata
- suricata: ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)
  suricata: ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)
  suricata
- suricata: ET MALWARE Zbot POST Request to C2
  suricata: ET MALWARE Zbot POST Request to C2
  suricata
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencesuricata

behavioral2

persistencesuricata