General

  • Target

    d30fc78dbb74a199088c33cc696c2ba3ab37e7443bd97d29e390bfeb5b6f6ab6

  • Size

    692KB

  • Sample

    220812-vl3fesaaf3

  • MD5

    4698e3da4899e50dbb70a6dfdb71e506

  • SHA1

    1ed6db89615f4bc647386488482f57a85fb73073

  • SHA256

    d30fc78dbb74a199088c33cc696c2ba3ab37e7443bd97d29e390bfeb5b6f6ab6

  • SHA512

    fc21eb8c9abf9bb1fb5069dc816c7e1a2681bec7a40c4ee0a0d2d254b32125d5c785d4eb594e4a0127b38041d40ec6acd9448187ecd8cbb7a542f5df0e60ec1c

Score
8/10

Malware Config

Targets

    • Target

      d30fc78dbb74a199088c33cc696c2ba3ab37e7443bd97d29e390bfeb5b6f6ab6

    • Size

      692KB

    • MD5

      4698e3da4899e50dbb70a6dfdb71e506

    • SHA1

      1ed6db89615f4bc647386488482f57a85fb73073

    • SHA256

      d30fc78dbb74a199088c33cc696c2ba3ab37e7443bd97d29e390bfeb5b6f6ab6

    • SHA512

      fc21eb8c9abf9bb1fb5069dc816c7e1a2681bec7a40c4ee0a0d2d254b32125d5c785d4eb594e4a0127b38041d40ec6acd9448187ecd8cbb7a542f5df0e60ec1c

    Score
    8/10

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Command and Control

    Web Service (T1102): 1

Tasks