General

  • Target

    31a3c13af727c9c1155df161fd24f06b91e931f792ebe8cae1fa9f9fd4a7b62b

  • Size

    685KB

  • Sample

    220806-hgzshsbffm

  • MD5

    3e6fd8db5ce226990fe58f40ae9addab

  • SHA1

    3d124b87c679461ac0781858c4032ccd9f1d068e

  • SHA256

    31a3c13af727c9c1155df161fd24f06b91e931f792ebe8cae1fa9f9fd4a7b62b

  • SHA512

    0bde025aa4e1f70b27150871bb0e7306c7eb7786398e3868e291b6f7518676ee23ec24b1692add3e6241a8abbb542757743e395345cda3eebcf469cf5aae6799

Score
8/10
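Before working with a local copy of this sample, confirm it is the file the report describes. The following is an added example, not part of the sandbox report: it streams the file through MD5, SHA-1, SHA-256 and SHA-512 and compares the digests with the values listed under General, reporting every algorithm that disagrees. The report values are copied from this page; the file path is whatever the analyst supplies.

```python
# Added example (not from the sandbox report): verify that a local file is the
# sample this report describes by checking all four listed digests.
import hashlib
import sys

# Indicators copied from the report's "General" section.
REPORT_HASHES = {
    "md5": "3e6fd8db5ce226990fe58f40ae9addab",
    "sha1": "3d124b87c679461ac0781858c4032ccd9f1d068e",
    "sha256": "31a3c13af727c9c1155df161fd24f06b91e931f792ebe8cae1fa9f9fd4a7b62b",
    "sha512": "0bde025aa4e1f70b27150871bb0e7306c7eb7786398e3868e291b6f7518676ee"
              "23ec24b1692add3e6241a8abbb542757743e395345cda3eebcf469cf5aae6799",
}
HASH_ALGORITHMS = tuple(REPORT_HASHES)


def _digest(blocks, algorithms=HASH_ALGORITHMS):
    """Feed every block to all hashers in one pass; return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in blocks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=HASH_ALGORITHMS):
    """Digests of an in-memory byte string (handy for tests and small artefacts)."""
    return _digest([data], algorithms)


def hash_file(path, algorithms=HASH_ALGORITHMS, chunk=1 << 20):
    """Digests of a file, read in 1 MiB chunks so large samples need not fit in memory."""
    with open(path, "rb") as fh:
        return _digest(iter(lambda: fh.read(chunk), b""), algorithms)


def compare(actual, expected):
    """Return a list of (algorithm, actual, expected) for every digest that differs.

    An empty list means every expected digest matched. Comparison is
    case-insensitive because reports and tools differ in hex casing.
    """
    mismatches = []
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != want.lower():
            mismatches.append((name, got, want))
    return mismatches


def verify_sample(path, expected=REPORT_HASHES):
    """Compare the file at `path` against the report; empty list means it is the sample."""
    return compare(hash_file(path, tuple(expected)), expected)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-local-copy>
    problems = verify_sample(sys.argv[1])
    if not problems:
        print("OK: file matches every digest in the report")
    else:
        for name, got, want in problems:
            print(f"MISMATCH {name}: got {got}, report lists {want}")
        sys.exit(1)
```

Checking all four digests rather than MD5 alone matters when a sample has been re-downloaded from a sharing service: the report's SHA-256 is the identifier that other platforms key on, so a mismatch there means you are looking at a different file, however similar its name.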

Targets

    • Target

      31a3c13af727c9c1155df161fd24f06b91e931f792ebe8cae1fa9f9fd4a7b62b

    Score
    8/10
    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
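Two of the signatures above, "Executes dropped EXE" and "Adds Run key to start application", are the kind of behaviour that is easy to reconstruct from endpoint telemetry. The following is an added example, not the sandbox's own signature logic and not derived from this sample's events: it correlates a simplified Sysmon-like stream (file-create, process-create and registry-value-set events) to flag a process launched from a file that another process just wrote, and any Run/RunOnce value, with a note on whether the value points at a dropped file. The event records, process names and paths are constructed for the example; the field names are simplified from Sysmon's (TargetFilename, Image, ParentImage, TargetObject, Details).

```python
# Added example (not from the sandbox report): correlate "Executes dropped EXE"
# and "Adds Run key to start application" over a constructed Sysmon-like stream.

# Lower-cased key fragments that identify autostart values; they match HKCU, HKU
# and HKLM hives as well as the Wow6432Node view.
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com")

# Constructed sample events (simplified Sysmon IDs: 11 FileCreate, 1 ProcessCreate,
# 13 RegistryValueSet). None of these values come from the report.
DROPPER = "C:\\Program Files\\Browser\\browser.exe"
PAYLOAD = "C:\\Users\\alice\\AppData\\Local\\Temp\\setup_1.exe"
SAMPLE_EVENTS = [
    {"id": 11, "image": DROPPER, "target": PAYLOAD},
    {"id": 1, "image": PAYLOAD, "parent": DROPPER},
    {"id": 1, "image": "C:\\Windows\\System32\\notepad.exe",
     "parent": "C:\\Windows\\explorer.exe"},
    {"id": 13, "image": PAYLOAD,
     "target_object": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "details": '"' + PAYLOAD + '" /silent'},
    {"id": 13, "image": "C:\\Windows\\explorer.exe",
     "target_object": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Installed App",
     "details": "C:\\Program Files\\Installed App\\app.exe --tray"},
]


def command_image(details):
    """Extract the executable path from a Run value's command line.

    Handles a quoted path followed by arguments, and an unquoted path (even one
    containing spaces) by cutting after the first ".exe".
    """
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return d[1:end] if end > 0 else d[1:]
    i = d.lower().find(".exe")
    return d[: i + 4] if i >= 0 else d.split(" ")[0]


def analyze(events):
    """Walk events in order and return a list of finding dicts."""
    dropped = {}  # lower-cased path of a written executable -> image that wrote it
    findings = []
    for ev in events:
        if ev["id"] == 11 and ev["target"].lower().endswith(EXECUTABLE_SUFFIXES):
            dropped[ev["target"].lower()] = ev["image"]
        elif ev["id"] == 1:
            image = ev["image"].lower()
            if image in dropped:  # a process started from a file we saw being written
                findings.append({
                    "signature": "Executes dropped EXE",
                    "image": ev["image"],
                    "parent": ev["parent"],
                    "dropped_by": dropped[image],
                })
        elif ev["id"] == 13 and any(k in ev["target_object"].lower() for k in RUN_KEYS):
            exe = command_image(ev["details"])
            findings.append({
                "signature": "Adds Run key to start application",
                "key": ev["target_object"],
                "command": ev["details"],
                "image": ev["image"],
                # A Run value aimed at a freshly dropped file is the strong signal;
                # installers and shell components also write Run values legitimately.
                "points_to_dropped_file": exe.lower() in dropped,
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

Ordering is what makes this work: the file-create event must precede the process-create and registry events, which is why the events are processed as a stream rather than joined as sets. The `points_to_dropped_file` flag is how an analyst separates the dropper chain from the legitimate installer that also writes a Run value in the constructed data.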

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                              ID      Count
  Execution              Scheduled Task                         T1053   1
  Persistence            Registry Run Keys / Startup Folder     T1060   1
  Persistence            Scheduled Task                         T1053   1
  Privilege Escalation   Scheduled Task                         T1053   1
  Defense Evasion        Modify Registry                        T1112   1
  Discovery              System Information Discovery           T1082   1
  Command and Control    Web Service                            T1102   1